7,023 questions
Hello,
it looks like this:
The user is changing the password on the Entra side. He does not reset his password, that's what confuses me.
Understanding question, password hash synchronization, entra audit log
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 31%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESF%3C/text%3E%3C/svg%3E)
Schäfer, Marius
0
Reputation points
We manage multiple M365 tenants, all of which are similarly structured.
There is a local AD domain that is synchronized with the AAD via Azure AD-Connect (passwordhash-sync and password-writeback are enabled).
When a user changes their password, the Entra audit log will normally show "Change Password (Self-Service)" or "Change User Password".
In one tennant when a password is changed, it always says "Reset Password". "User initiated password reset", "Reset password (self-service)" or "Reset user password". However, the user always changes his password normally and does not reset it because he forgot it or something similar.
What can cause this?
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
25,080 questions
Windows for business | Windows Server | User experience | Other
20,212 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 55.00000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sanoop M 4,145 Reputation points Microsoft External Staff Moderator2025-01-27T21:26:30.53+00:00 Hello @Schäfer, Marius,
Thank you for posting your query on Microsoft Q&A.
Please note that when you have enabled Self-Service Password Reset(SSPR) in your Microsoft Entra ID tenant, then when the user resets their password, in the user's Audit logs Activity Type will be Reset password(self-service).
I am attaching the Screenshot below for your reference.
If you have problems with using SSPR from the Windows sign-in screen, the Microsoft Entra audit log includes information about the IP address and ClientType where the password reset occurred, as shown in the following example output:
Please note that in the above Screenshot, we can see the Activity Name is Reset password(self-service).
To better understand this issue, could you please provide me the below mentioned details.
- Could you please update us where the user is changing the password(whether from Microsoft Entra ID side or from On-Prem AD side).
- Could you please send me the Screenshot where the user's Audit logs is showing as "Change Password (Self-Service)" or "Change User Password".
For additional details, please refer to the below document for your reference.
I am looking forward to your response.
Thanks and Regards,
Sanoop Mohan
Sign in to comment
1 answer
Sort by: Most helpful
-
Schäfer, Marius 0 Reputation points
2025-01-28T08:18:39.66+00:00 -
Sanoop M 4,145 Reputation points Microsoft External Staff Moderator
2025-01-29T17:19:26.7633333+00:00 Hello @Schäfer, Marius,
Thank you for your response.
Please send us an email on 'azcommunity@microsoft.com' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.
We can connect offline and discuss further on this issue.
Thanks and Regards,
Sanoop Mohan
-
Sanoop M 4,145 Reputation points Microsoft External Staff Moderator
2025-01-30T21:21:06.7166667+00:00 Hello @Schäfer, Marius,
We haven’t heard from you on the last response and was just checking back to see if you could please send us an email on 'azcommunity@microsoft.com' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.
We can connect offline and discuss further on this issue.
Thanks and Regards,
Sanoop Mohan
Sign in to comment -