When non-Admin users sign-in Storefront and expand "Account Settings" menu in the upper right corner, it is observed that "Change password" option is missing.

The visibility of storefront "Change password" option depends on "Network access: Restrict clients allowed to make remote calls to SAM" policy setting in AD domain controllers.
In "Default Domain Controllers Policy" policy of the affected environment, "Network access: Restrict clients allowed to make remote calls to SAM" setting has been set restricted to O:BAG:BAD:(A;;RC;;;BA), standing for "Domain Admins" group. that's why "Change password" option is invisible to non-admin users.

To make the "Change password" option visible to non-admin users as well, "Authenticated Users" group should be added to the policy setting "Network access: Restrict clients allowed to make remote calls to SAM"

• Note: After adding "Authenticated Users" group, the policy setting should appear like O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;AU).

The article describes a storefront "Change password" option invisibility issue caused by the improper "Network access: Restrict clients allowed to make remote calls to SAM" AD policy setting.