As a Microsoft Partner, it's rare that a day goes by where we don't get a few requests for Office 365 password resets. We get it - a user sets their password, never logs out and ends up forgetting what they made their password (we're just happy you aren't using the same password for every account!).
While we certainly don't mind changing passwords (and if your Microsoft admin or partner does mind, you need a new one!), it is actually pretty easy to handle this internally so you don't have to wait for us. In Office 365, you can set up a user (called a Password Administrator) specifically to handle password change requests.
Password admins have the ability to reset other users’ passwords, manage service requests (create helpdesk tickets with Microsoft), and monitor service health (see if any of the Office 365 services are currently having issues).
They cannot change other administrators’ passwords, assign licenses, see any billing information, or change any service settings.
Mark a User as a Password Admin
Password Admins have to be assigned by global admins. To do this, from the Office 365 Admin Center, click on Users > Active Users. Select the user > choose Roles > select the ‘Customized administrator’ option and choose the ‘Password administrator’.
As a security precaution, Microsoft requires that all administrators have a secondary form of authentication. You will be asked for an alternate email address for each user you give an administrative role for this reason. In the event that an administrator loses their password, this email address is used to verify their identity and give them access to reset their own passwords.
Once a user has been designated as a password administrator, they can change other users' passwords in the Admin Center. Log in to the Admin Center, click on 'Users', select the user whose password you want to change, then click the Reset Password button. Select the appropriate options (auto generate or create the password yourself and designate whether the user will need to change the password when they sign in) and click the Reset button.
Microsoft also has a support page for users and admins with quick links to reset passwords, which you can access here.
User Management Admins
Office 365 has another type of admin that may also be useful for companies with frequent user changes: User management administrators.
They can do everything a password admin can do plus manage user roles, meaning they can add and delete user accounts. This is limited to end users. They cannot create or delete or reset passwords for other administrators.
To mark a user as a user management admin, follow the steps above for password administrators, but check the 'User management administrator' box instead.
Keeping Admins Secure
For security purposes, it's best to limit the number of administrators in your organization. The more people who have admin level access, the more potential large security holes you have in your organization.
Anyone administrators in your Office 365 tenant should have additional security features turned on, especially if you don't already security features turned on for everyone. We've covered our top Office 365 security features in this blog post. At the very least, you should turn on multi-factor authentication for all admins (already included in your Office 365 subscription).
If you have Azure Active Directory Privileged Identity Management, you can limit the number of admins by marking some users as on-demand, temporary admins, so they just have admin level access when they need it.