The Self Service Password Reset, available with Azure AD and Office 365, has been updated to let your end-user use the Microsoft Authenticator mobile app when using the Self Service Password Reset (SSPR).
First you need to enable this new capability from your Azure AD portal (https://aad.portal.azure.com/) or Azure portal (https://portal.azure.com) and reach the Password reset configuration blade
Then go to the Authentication methods blade and enable the Mobile app code option; the Mobile app notification is not available for activation only when 2 methods are required for password reset.
NOTE it is important to note that end-users will not be register their mobile app when registering for SSPR; they have to register it using aka.ms/mfasetup or aka.ms/setupsecurityinfo
If only 1 method is required, the app notification option is not available | If 2 methods are required, then you can enable the app notification option |
![]() |
![]() |
You must instruct your end-users to get the mobile authenticator app (for Android: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en – or for iOS: https://itunes.apple.com/us/app/microsoft-authenticator/id983156458?mt=8) and register as soon as possible.
Once the option(s) has/have been enable, the next time your end-user will have to use the SSPR they will have to option to use the mobile authenticator app, either using code or notification – when the notification is used, they will have to also use another method (but can not use the code one)
When 1 method is required | When 2 methods are required |
![]() |
![]() or ![]() ![]() |
The other authenticator app option is not available for the 2nd method![]() |