Enable Azure AD Self-service Password Reset Tool

Any Office 365 admin knows that Self-Service password reset service is something that is critical to an efficient management of IT systems.

Today, I will show you how to enable and use the Microsoft Azure Active Directory Self-service password reset (SSPR) tool.

Limitation and Licensing

SSPR is not enabled and available with normal \ free Azure AD subscription and below you can see which level of licensing is needed to use it.

(From Azure AD website)

  • Azure AD Free: Cloud-only administrators can reset their own passwords.
  • Azure AD Basic or any paid Office 365 subscription: Cloud-only users can reset their own passwords.
Azure AD Premium: Any user or administrator, including cloud-only, federated, or password synchronized users, can reset their own passwords. On-premises passwords require password writeback to be enabled.

 

Before you start make sure you review the option above.

Features

SSPR allows the following:

  • Self-Service password change to all users even if the password was not expired
  • Reset password in case the user forgets the password using Text message validation, phone call or send email to a secondary address.
  • Unlock account without administrator intervention and using Text message validation, phone call or send email to a secondary address.
Get Started

SSPR is in the Azure Portal -> Azure Active Directory ->Password Reset

In the password reset page, select how you would like to enable SSPR (all users, selected, none)

Password Reset Policy

Once enabled, I will configure the authentication methods for a password reset and below you can see the I can use Email, Phone, etc

I can also set Security questions as a method

Recover Account Information

Once the policy is in place, next time a user tries to log in to Office 365 he will be asked to setup recovery account information.

Reset Password

Now, I will show you how I reset the password of a user called Tim using SSPR.

To reset the password for the Office 365 login screen I will click on “Forget my password

Using my recovery information, Azure AD will send me the recovery details

And once verified, I can change my password

Change Password

To change the password without using the reset button and recovery information, I will use Exchange Online.

From the Exchange Online mailbox settings page, I will click on Password ( Change your password) and follow the prompt.

To access the SSPR page use the link below.

https://passwordreset.microsoftonline.com

Conclusion

SSPR is a must to have tool in a mid-size plus organisation, With SSPR you can reduce costs, improve end-user experience and prevent user frustration.


Posted

in

by