Azure AD: Self-service password reset

This blog post shows to configure self-service password reset (SSPR) as a simple means for IT administrators to enable users to reset their passwords or unlock their accounts.

Prerequisites

 

  • A working Azure AD tenant with at least a trial license enabled.
  • An account with Global Administrator privileges.
  • A non-administrator test user with a password you know,
  • A pilot group to test with that the non-administrator test user is a member of,

Enable self-service password reset

 

Sign in to the Azure portal at https://portal.azure.com with your Azure account.

On the left pane of the dashboard, click Azure Active Directory

 

On the Azure portal under Azure Active Directory select Password reset.

From the Properties page, under the option Self Service Password Reset Enabled, choose Selected.

  • From Select group,
  • Click Save.

From the Authentication methods page, make the following choices:

  • Number of methods required to reset: 1
  • Methods available to users:
  • Mobile phone
  • Office phone
  • Click Save.

From the Registration page, make the following choices:

  • Require users to register when they sign in: Yes
  • Set the number of days before users are asked to reconfirm their authentication information: 180

Test self-service password reset

Now let’s test your SSPR configuration with a test user. Since Microsoft enforces strong authentication requirements for Azure administrator accounts, testing using an administrator account may change the outcome.

Open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/ssprsetup.

Sign in with a non-administrator test user, and register your authentication phone.

Below are what users will first see. Users must enter details for each of the authentication options you have forced them to configure

Once you have entered all the required authentication details, click finish and this will redirect you to your applications.

Done

Below are instructions on resetting your password once authentication information has been configured.

You can do this from either the link below or by clicking on the “Can’t access your account” link on the Office 365 login screen, then select “Work or school account”.

https://passwordreset.microsoftonline.com/

You then need to verify who you are by typing in your email address and the CAPTCHA information shown in the box.

On the next screen, you select what issue you are having with your password.

You must pass two verification steps to enable you to reset your password. You can choose any two of the steps shown in the screenshot below. If you successfully pass them both, you are then prompted to type a new password.

The password has been reset.

Password reset notification mail.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s