Azure AD provides self-service capabilities for password management. This built-in capability not only reduces the number of helpdesk tickets but also improves user productivity by saving the time and effort spent requesting a password reset or account unlock. The Azure AD self-service password reset capability is also known as SSPR. Azure AD SSPR provides a different set of capabilities in each edition of Azure AD.
Azure AD Free: Supports SSPR for Cloud-only administrators.
Azure AD Basic: Supports SSPR for Cloud-only users.
Azure AD Premium: Supports SSPR for all users, including cloud users, on-premises users with password sync and federated users, but password write-back must be enabled for on-premises users.
Azure AD SSPR simplifies password management in the following scenarios:
Forgot password: This is a common issue among users. If a user has forgotten the password and wants to reset it, the user must go through one of the validated authentication methods:
- By phone call to validated mobile phone
- By text message to validated mobile phone
- By email to validated secondary email account
- By answering security questions
Change password: Users can change their password at any time and for any reason, but they must remember their current password.
Unlock account: This is another common issue among users. If your account has been locked and you are unable to log in, use this method to unlock your account with a valid authentication method.
Now, let’s have a look at how to do it.
First, log in to Azure AD to configure it for SSPR.
Go to Password reset and select the appropriate SSPR option. You can either select a group for SSPR or select All for all the users.
If you want to enable SSPR for all the users, select All and then save the configuration.
In my scenario, I am selecting Selected for specific groups.
I have selected a group called SSPR here to provide SSPR capability to the users.
Now select the Authentication method.
I am selecting all the methods. If you select the “security questions” option then you need to set the security questions. Click on “Select security questions”.
You can select the security question from Predefined and Custom options.
In my case, I am selecting 5 predefined security questions.
Select all the questions and click on OK.
Once all the authentication methods are configured, click on Save.
Now, it is time to configure the end user setting.
Ask your users to log in to https://portal.azure.com and configure their accounts with additional security.
Select the required options and set them now.
Select the questions from the drop-down menu.
Answer these questions and click on save answers.
Once done, click on finish.
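An added example, not part of the original post: before users rely on “Forgot my password”, an administrator can check which members of the SSPR group have actually completed the registration above. The rows are constructed sample data modelled on the Microsoft Graph userRegistrationDetails report; the user names, the group membership set and the mapping of the portal's methods to methodsRegistered values are assumptions.

```python
import json

# Constructed sample rows, modelled on the Microsoft Graph
# userRegistrationDetails report (names and values are made up).
SAMPLE_ROWS = json.loads("""
[
 {"userPrincipalName": "alice@contoso.example", "isSsprEnabled": true,
  "isSsprRegistered": true, "methodsRegistered": ["mobilePhone", "securityQuestion"]},
 {"userPrincipalName": "bob@contoso.example", "isSsprEnabled": true,
  "isSsprRegistered": false, "methodsRegistered": []},
 {"userPrincipalName": "carol@contoso.example", "isSsprEnabled": false,
  "isSsprRegistered": false, "methodsRegistered": ["email"]},
 {"userPrincipalName": "erin@contoso.example", "isSsprEnabled": false,
  "isSsprRegistered": false, "methodsRegistered": []}
]
""")

# Assumed membership of the "SSPR" group chosen in the walkthrough.
SSPR_GROUP = {"alice@contoso.example", "bob@contoso.example",
              "carol@contoso.example", "dave@contoso.example"}

# Assumed report values for the portal's methods: phone call and text
# message (mobilePhone), secondary email, security questions.
RESET_METHODS = {"mobilePhone", "email", "securityQuestion"}

def sspr_readiness(rows, group_members):
    """Return {upn: (status, usable_methods)} for every group member."""
    members = {m.lower() for m in group_members}
    report = {}
    for row in rows:
        upn = row["userPrincipalName"].lower()
        if upn not in members:
            continue  # outside the selected group, not checked here
        usable = sorted(RESET_METHODS & set(row.get("methodsRegistered") or []))
        if not row.get("isSsprEnabled"):
            status = "group-member-but-policy-not-applied"
        elif not row.get("isSsprRegistered") or not usable:
            status = "must-register"
        else:
            status = "ready"
        report[upn] = (status, usable)
    for upn in members - set(report):
        report[upn] = ("missing-from-report", [])
    return report

if __name__ == "__main__":
    for upn, (status, methods) in sorted(sspr_readiness(SAMPLE_ROWS, SSPR_GROUP).items()):
        print(f"{upn:28} {status:38} {', '.join(methods) or '-'}")
```

Users reported as must-register cannot complete the reset flow until they finish the registration steps; a group member for whom the policy is not applied points to a mismatch between the selected group and the saved SSPR configuration.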
Log in to your Azure services. I am trying to log in to https://myapps.microsoft.com. Enter your user name and click on Next.
Click on “Forgot my password”.
Fill in the details and click on Next.
Answer your security questions for verification and click on Next.
Now, enter your new password and click on Finish.
Your password has been reset. Now, log in with your new password and enjoy!