Skip to content
eTop University

๐Ÿ” Microsoft is changing password reset โ€” register your methods by 7 Sept 2026

Microsoft is tightening the rules on self-service password reset (SSPR) โ€” the feature that lets you reset your own Microsoft 365 password without calling the helpdesk. The good news: for most people the fix takes about two minutes, and the system will even prompt you to do it.

Whatโ€™s changing, in plain English

When you reset your own password, Microsoft has to confirm itโ€™s really you. Today it can sometimes do that using a phone number or email address that was simply stored on your account โ€” even if you never personally set it up as a security method.

As of 7 September 2026, that no longer works. Microsoft will only accept verification methods that you have explicitly registered yourself โ€” like the Microsoft Authenticator app, a phone number you added, or a backup email you confirmed.

Why? Itโ€™s a security upgrade. A stored phone number can be changed behind the scenes by automated systems. A method you registered proves itโ€™s really you holding the phone. Microsoft is making this change as part of its Secure Future Initiative.

Who this affects

  • Youโ€™re already fine if you use the Microsoft Authenticator app or have set up MFA (multi-factor authentication) โ€” you registered a method when you did that. Nothing to do.
  • You may need to act if youโ€™ve never set up the Authenticator app or registered a phone/email for sign-in, and youโ€™ve been relying on a number that was pre-filled on your account.

If youโ€™re unsure which group youโ€™re in, the safest move is just to check โ€” see below.

What you need to do

You have two easy paths:

  1. Let Microsoft prompt you. Starting 6 July 2026, Microsoft will automatically ask affected users to register a method right after they sign in. If you see that prompt, take 60 seconds and complete it โ€” donโ€™t dismiss it.

  2. Do it now and be done. Go to https://aka.ms/mysecurityinfo, sign in, and confirm you have at least one security method listed (Authenticator app, phone, or email). If the list is empty or thin, add one.

Our step-by-step walkthrough is here: Verify your authentication methods. Setting up the Authenticator app is covered in Setting up MFA on a new phone.

What eTop is doing for you

You donโ€™t have to manage this alone. Behind the scenes, weโ€™re:

  • Reviewing every account we manage to find users who donโ€™t yet have a registered method
  • Paying special attention to administrator accounts, where a lockout would be most disruptive
  • Standing by to help anyone who canโ€™t complete registration on their own

If we spot gaps on your team, weโ€™ll reach out. And if you get stuck at any point, just contact our support desk and weโ€™ll walk you through it.

The bottom line

If you can already approve a sign-in with the Authenticator app or a code on your phone, youโ€™re covered. If youโ€™re not sure, spend two minutes at https://aka.ms/mysecurityinfo before 7 September 2026 โ€” and youโ€™ll never have to think about it again.