Hey folks! I'm looking for some advice on the licensing requirements for Office 365, particularly regarding user password management in a hybrid Exchange setup. Right now, we have Exchange 2016 on-premise and are using Entra ID Connect on our Domain Controller. Since Exchange 2016 is reaching its end of life, we want to migrate everyone to Exchange Online and shut down the on-prem server.
Currently, when our remote users' AD passwords expire, they access OWA for the on-prem Exchange, get prompted to change their passwords, and then Entra ID synchronizes those updates to the cloud. However, once we decommission Exchange 2016, these users won't have a way to reset their passwords if they expire. We do have password expiration policies in place; unfortunately, that's just the way it is.
I've read that we might need to enable Entra ID Connect with Password Writeback and set up Azure's Self-Service Password Reset, which leads to my main question: do all our users need to have an Entra ID P1 license to reset their passwords after we move to Exchange Online? That license is pretty pricey, more than an Exchange Online Plan 1! Are there any alternatives for letting our remote users reset their passwords without shelling out for that license?
4 Answers
Yes, to utilize Self-Service Password Reset, you will indeed need an Entra ID P1 license or a license that includes it. This is essential for remote users to manage their own password resets after decommissioning your Exchange 2016 server.
If you want to avoid the costs of the P1 licenses, setting up a VPN could be a viable alternative. This way, remote users can connect to your network and change their passwords as needed.
Just a heads-up: some Office 365 licenses, like E3, actually include Entra P1, so you might want to check if any of your users might qualify for that! That could mitigate some costs.
A bit of a hacky solution, but if you set up Remote Desktop Web Access properly, it could allow users to log in and change expired passwords without needing the P1 license. Just something to consider if you're looking for low-cost options!
Just to add, if you're looking for options, the hybrid self-service password reset is possible with some Business licenses, like Business Standard, which could save you some costs.