Password Reset.

MirrorSphere  ·  Knowledge Base

KB Article 770  ·  Account Management  ·  Self Service

How to raise a password reset on behalf of a colleague via the MirrorSphere support portal, what to expect at each step, and how to securely share the temporary password with the person who needs it.

What is a password reset? A controlled way to issue a temporary Microsoft 365 password to a colleague who is locked out or has forgotten theirs. The temporary password is delivered via a one-time secure link — we never store it in the ticket, an email body, or any of our systems. The user is prompted to set a new password of their own at first sign-in.
Who is this for? Anyone raising a password reset on behalf of someone else — usually a manager, team lead, or IT contact helping a colleague who is locked out of their account.
Audience
Requestor
Process Time
~15 mins
Last Reviewed
May 2026

How to Raise a Request

  1. Sign in to portal.mirrorsphere.com using your work account
  2. From the request menu, choose Password Reset (or use the direct link your IT team has provided)
  3. Enter the email address — the Microsoft 365 sign-in address of the person who needs their password reset
  4. Add a short reason, for example “User is locked out and cannot sign in”
  5. Click Submit — you’ll receive a confirmation email within seconds
Confirmation email showing the request is pending approval
Your confirmation email — the request is now pending approval
The password link is time-limited. Once approved, you have 60 minutes to click the link, and it can only be opened a maximum of 2 times. Wait until you’re ready to share the password with the user before you submit the request — expired links cannot be reissued, you’d need to raise a fresh ticket.

The Approval Process

For security, all password reset requests require approver approval before a temporary password is released. Here’s what happens after you submit:

You submit

Portal form sent

Approver approves

Email with one click

Password link sent

Secure email to you

Ticket closed

After link is opened

Typical turnaround is a few minutes during business hours once submitted. Out-of-hours timing depends on when your approver is able to check the email.

  • Approval received from your nominated approver, usually within minutes
  • One-time secure password link delivered to your email inbox
  • Temporary password viewed and copied via the secure page
  • Ticket closed automatically with an audit record on file
What the approver sees

Your approver receives an email with Approve and Reject buttons. After clicking either, they can add a comment before submitting their decision.

Approver email with Approve and Reject buttons
The approver email — one-click Approve / Reject buttons
Approver comment-and-submit page after clicking Approve or Reject
The comment-and-submit step the approver sees after clicking either button
If the approver hasn’t responded after a while, a reminder is automatically sent on your behalf. If it’s urgent, you can also follow up with them directly.

Emails You’ll Receive

You’ll receive up to four emails depending on the outcome. The table below summarises them; previews of each are further down.

Email When What it means
Pending  Request Confirmation Immediately on submission Your request is in the queue for approval
Approved  Request Approved Once the approver approves The password link is on its way in a separate email
Action  Password Ready Seconds after approval One-time secure link to the password — valid 60 minutes, max 2 views
Accessed  Link Accessed When the link is opened Audit confirmation including IP address and approximate location
Expired  Link Expired If 60 minutes pass without you opening the link Link has expired; ticket closes — raise a new request if still needed
Rejected  Request Declined If your approver rejects The reason will be in the email — speak to IT if you disagree

Preview of each email

1
Request Confirmation

Sent immediately after you submit the form — your request is now pending approval.

Request Confirmation email preview
2
Request Approved

Confirms your approver has approved the request. The password link follows in a separate email seconds later.

Request Approved email preview
3
Password Ready Most Important

The email with your secure one-time link. The button can only be clicked a maximum of 2 times and the link expires after 60 minutes. Make sure you’re ready to share the password before you click.

Password Ready email preview
4
Link Accessed — Audit Confirmation If link was used

Sent once the password link has been opened. Includes the IP address and approximate location of access so you (and our security team) can spot anything suspicious.

Link Accessed audit notification email preview
!
Link Expired — Ticket Closed If link timed out

Sent if 60 minutes pass without you opening the link. The ticket closes automatically — just raise a new request if you still need the reset.

Link Expired email preview

The secure password page

When you click the Retrieve Temporary Password button, your browser opens a secure page showing the password and a Copy Password button. The page also tells you how many views you have remaining.

Secure password page with Copy Password button
The secure password page — copy the password ready to share
Secure password page showing the final view warning
The final view — copy the password now, the link won’t work again
Tip: Open the link only when you’re ready to share the password with the user. Each click counts as a view.

Sharing the Password Securely

Pass the temporary password to the affected user using a secure method:

Do not send the password by email. This defeats the purpose of the one-time link and creates a written record of the password that we deliberately avoid.

Ask the user to sign in straight away. They will be prompted to choose a new password as soon as they log in — the temporary password is single-use only.

If Something Goes Wrong

Most requests complete without issue, but a few things can go sideways. Here’s how to handle the common scenarios.

Scenario A
The link expired before I could use it

Raise a new password reset request through the portal — expired links can’t be reissued. The previous ticket has closed automatically; a fresh link will be generated once your approver re-approves.

Scenario B
I used both views without sharing the password

Raise a new password reset request. Mention what happened in the reason field so your approver has the context.

Scenario C
The request was rejected and I think it’s a mistake

The rejection email will include the approver’s reason. If you believe it’s in error, speak to your IT team directly or call IT support on +44 (0) 1295 595 444.

Scenario D
I don’t recognise the location in the “Link Accessed” email

Contact IT support immediately on +44 (0) 1295 595 444. We’ll change the password again straight away and investigate.

Scenario E
The user is locked out from too many wrong attempts

The lockout usually clears itself after a few minutes. If it doesn’t, raise a password reset request and mention “account lockout” in the reason field.

Important to Know

The user must change the password at first sign-in. The temporary password is single-use only. As soon as the user signs in, Microsoft will prompt them to set a new password of their own.
We never store or log the password. It only exists on the secure one-time link — it’s not written into the ticket, the emails, or any of our systems.
Every access is recorded. When the link is opened, the IP address and approximate location are added to the ticket so you (and our security team) can spot anything suspicious.
If the user can still sign in, they can change their password themselves at myaccount.microsoft.com — no support request needed.

Frequently Asked Questions

The link expired before I could use it — what do I do?
Raise a new password reset request through the portal. Expired links can’t be reissued.
I opened the link by mistake and used both views without sharing it
Raise a new password reset request. Mention what happened in the reason field so the approver has the context.
How will I know when I’ve used my last view?
The secure page tells you. On the final view, it shows “This link has now been fully consumed” and the link will stop working after you close the page.
The user can still sign in — they just want a new password
If the user can access their account, they can change their password themselves at myaccount.microsoft.com — no support request needed.
The user is locked out from too many wrong attempts
The lockout usually clears itself after a few minutes. If it doesn’t, raise a password reset request and mention “account lockout” in the reason field.
I don’t recognise the location in the “Link Accessed” email
Contact support immediately on +44 (0) 1295 595 444. We’ll change the password again straight away and investigate.

Need More Help?

If this guide hasn’t resolved your issue, you have a few ways to reach us.

Self-service portal Raise a ticket via portal.mirrorsphere.com — the fastest route for non-urgent issues.
Phone support +44 (0) 1295 595 444, Monday–Friday 08:30–17:30. For urgent issues outside these hours, leave a voicemail — the on-call team monitors it.
Urgent / locked out Call the support line above and quote “password lockout” so we route you to the right tech first.
Escalation If the response time isn’t meeting your need, ask the agent to escalate to your account manager or your organisation’s Head of IT.
Locked out right now?
Skip the portal and call our support line for immediate help.
+44 (0) 1295 595 444
KB 770  ·  Account Management  ·  If you can’t find what you need here, raise a ticket via the support portal and we’ll help.
MirrorSphere  ·  Bloxham Mill, Barford Road, Bloxham, OX15 4FF  ·  www.mirrorsphere.com  ·  +44 (0) 1295 595 444
Managed IT Services
MirrorSphere Ltd, registered in England & Wales. Bloxham Mill, Barford Road, Bloxham, Banbury, OX15 4FF  |  Co. No. 6388568  |  VAT: GB918941394