Setting up Self-Service Password Reset on Organizational Accounts (for Registered Owners)

With the new updates around Self-Service Password Reset, organizational accounts are gaining the ability to reset their own passwords, without the need to contact the IT help centre. This new feature does require additional authentication methods to be added to an account, so this guide is meant to assist the Registered Owners of organizational (and sponsored) accounts with additional methods in a way that doesn't disturb the existing default method established on an account, while making it convenient to complete Self-Service Password Reset.

The below steps should only be performed by the Registered Owner of a given organizational or sponsored account, to ensure they have access to and knowledge of the additional MFA methods being added to the account.

In addition, the following steps can be completed when you are in person at the University or remotely if you have Cisco Jabber installed on your computer and setup with your office phone number and extension.

If your account is already added to the Self-Service Password Reset group, you can follow this guide starting from the top, but if you plan on adding a method preemptively, you can skip to the following section of the guide to add another method now.

Adding the recommended additional methods:

Once your account is added to the Self-Service Password Reset group, your next successful login to an SSO-protected service (e.g. https://mail.uoguelph.ca/), should automatically prompt you for "More information", in which case you may select the "Next" button:

Since you already have an MFA method setup on the account (for this guide we will assume you have an Authenticator app setup as the existing MFA method), you will likely be prompted for a phone number as the second method. An office phone is one of the suggested options for the additional MFA methods, but to set that up on an account, you'll first need to set up at least one other method. Given that, you can select the "I want to set up a different method" option on the page:

You will then be presented with the different methods available, at which point you can select the "Security questions" option:

To set up Security Questions as a secondary method, you may select and then enter the corresponding answers to five questions chosen from the list of provided options in the "Select a Question" dropdown boxes (You may save the answers to these questions in a Password/Secret Manager app to ensure you remember the correct answers). Once this is complete, you may click the "Done" button to finalize adding Security Questions as a secondary method:

After you successfully enter the security questions as a secondary method, you'll be prompted to select the "Done" option to continue signing in to the service you were logging into:

Adding Office Phone as an additional method

Now that you've added the security questions, you can set your office phone as an additional method to the account on the "My Security Info" page of your M365 account settings. You can access that page by using the following link in the browser you're signed in to with your organizational/sponsored account: aka.ms/mysecurityinfo

You'll be prompted to enter your office phone number and extension. The country code should be "Canada (+1)" the phone number should be "5198244120", and the extension should be your particular office phone extension (the same extension set in Cisco Jabber if you have it installed). Once this information is set correctly, you may select the "Next" button:

You will be prompted to complete a Captcha test to show that you are not a robot. Once you enter the code, you may select the "Next" button:

You'll then receive a call to your office phone number after a few seconds of delay (if you have Cisco Jabber installed on your computer you may also answer the phone call using that application). The automated call should prompt you to enter the pound (#) key, and then it should prompt you to enter the pound key again, at which point it should indicate that your sign-in has been verified.

At this point, you will be presented with a message indicating that the office phone was registered successfully, and you may select the "Done" button:

With that, you should now be able to complete Self-Service Password Reset, whenever you need to change the password on your organizational/sponsored account. For details on that, you may consult the following help-page: https://ithelp.uoguelph.ca/sspr

If you've added the office phone as a method preemptively, and there are now only two methods on the account (Authenticator app with TOTP, and Office phone), you should add a third method that you have access to in case you lose access to one of the other two methods, so that you may still complete Self-Service Password Reset.

Security Questions and External Email are both possible options that you can add by following the instructions after you select the "Add sign-in method" button.