The Self Service Password Reset, available with Azure AD and Office 365, has been updated to let your end-user use the Microsoft Authenticator mobile app when using the Self Service Password Reset (SSPR).

First you need to enable this new capability from your Azure AD portal ( or Azure portal ( and reach the Password reset configuration blade


Then go to the Authentication methods blade and enable the Mobile app code option; the Mobile app notification is not available for activation only when 2 methods are required for password reset.

NOTE it is important to note that end-users will not be register their mobile app when registering for SSPR; they have to register it using or

If only 1 method is required, the app notification option is not available If 2 methods are required, then you can enable the app notification option
image image

You must instruct your end-users to get the mobile authenticator app (for Android: – or for iOS: and register as soon as possible.

Once the option(s) has/have been enable, the next time your end-user will have to use the SSPR they will have to option to use the mobile authenticator app, either using code or notification – when the notification is used, they will have to also use another method (but can not use the code one)

When 1 method is required When 2 methods are required
image image
  The other authenticator app option is not available for the 2nd method