Any Office 365 admin knows that Self-Service password reset service is something that is critical to an efficient management of IT systems.
Today, I will show you how to enable and use the Microsoft Azure Active Directory Self-service password reset (SSPR) tool.
Limitation and Licensing
SSPR is not enabled and available with normal \ free Azure AD subscription and below you can see which level of licensing is needed to use it.
(From Azure AD website)
- Azure AD Free: Cloud-only administrators can reset their own passwords.
- Azure AD Basic or any paid Office 365 subscription: Cloud-only users can reset their own passwords.
Before you start make sure you review the option above.
Features
SSPR allows the following:
- Self-Service password change to all users even if the password was not expired
- Reset password in case the user forgets the password using Text message validation, phone call or send email to a secondary address.
- Unlock account without administrator intervention and using Text message validation, phone call or send email to a secondary address.
Get Started
SSPR is in the Azure Portal -> Azure Active Directory ->Password Reset
In the password reset page, select how you would like to enable SSPR (all users, selected, none)
Password Reset Policy
Once enabled, I will configure the authentication methods for a password reset and below you can see the I can use Email, Phone, etc
I can also set Security questions as a method
Recover Account Information
Once the policy is in place, next time a user tries to log in to Office 365 he will be asked to setup recovery account information.
Reset Password
Now, I will show you how I reset the password of a user called Tim using SSPR.
To reset the password for the Office 365 login screen I will click on “Forget my password”
Using my recovery information, Azure AD will send me the recovery details
And once verified, I can change my password
Change Password
To change the password without using the reset button and recovery information, I will use Exchange Online.
From the Exchange Online mailbox settings page, I will click on Password ( Change your password) and follow the prompt.
To access the SSPR page use the link below.
https://passwordreset.microsoftonline.com
Conclusion
SSPR is a must to have tool in a mid-size plus organisation, With SSPR you can reduce costs, improve end-user experience and prevent user frustration.