
Azure AD (Active Directory) self service password reset

As an Azure admin, you can decide whether users can reset their AD passwords by themselves. This article shows how an admin can apply the different settings for Azure AD self-service password reset (SSPR). You can enable password reset for “All”, “None” or “Selected” users in the AD group.

Enable self-service password reset

  • Go to Azure Active Directory Admin Center
  • Or you can go to link - https://admin.microsoft.com/AdminPortal/Home#/homepage
  • Click on Azure Active Directory from the left-hand navigation.
  • On the next page, click Azure Active Directory again in the left-hand navigation, then click Password reset.
  • Self-service password reset can be enabled either for All, for None, or for Selected users in the group.

Note:
These settings only apply to end users in your organization. Admins are always enabled for self-service password reset and are required to use two authentication methods to reset their password.

  1. In the case of Selected, you can select only one group from all the Azure AD groups, and only the users in the selected group will be able to reset their passwords by themselves.
  2. If you select All, then all the users in your organization who have been added to Azure Active Directory (AD) will be able to reset their passwords by themselves.
  3. If you select None, then only administrators will be able to reset their passwords, which is the default behavior as mentioned above.

Authentication methods for a Password reset

The end-users will be asked to provide some additional details to confirm their identity before the password is reset.

In this section, you decide which authentication methods to enforce; end users must complete them when resetting their password.

  • From the left-hand navigation, select Authentication methods.
  • On the right-hand side, select 1 or 2, depending on the number of authentication methods you want to require.
  • Below are the authentication methods available to users for now.
    • Mobile app notification - Users can register their mobile app at https://aka.ms/mfasetup
    • Mobile app code – As with the previous method, the user needs to register the mobile app at https://aka.ms/mfasetup.
    • Email
    • Mobile phone
    • Office phone
    • Security questions – Here, you can decide how many questions are required for user registration and for password reset.

      • Number of questions required to register: Defines the minimum number of security questions a user must select and answer when registering for password reset. This number must be greater than or equal to the number of questions a user must answer to reset a password.
      • Number of questions required to reset: Defines the number of randomly selected security questions a user must answer when resetting a password. This number must be less than or equal to the number of questions a user must register for password reset.
      • Select security questions: You can either pick from the predefined questions or define your own questions.

User Registration for Password-Reset

  • This option lets users fill in additional details while registering; those details are then used when resetting the password.
  • The administrator can also fill in these details for the user.
  • In the left-hand navigation, click on Registration.
  • Require users to register when signing in? – Select Yes or No. This option will decide whether unregistered users are prompted to register their own authentication information when they sign in for the first time. If set to "No," administrators must manually specify the necessary password reset authentication information in the properties for each user in this directory or instruct users to go to the registration portal URL directly.
  • The user will get a screen like below to register their information.
  • Number of days before users are asked to re-confirm their authentication information – You can set the number of days after which the user will be prompted to enter the details again. You can set this number to a maximum of 730 days. If set to 0, the system will never prompt the user for the information again.

Password-Reset Notification

  • You can have an email sent when a user changes their password through the self-service password reset feature.
  • In the left-hand navigation, select Notifications.
  • Notify users on password resets? – Select Yes, if you want an email to be sent to the user’s primary and secondary mail address when the user resets the password using a self-service password reset.

  • Notify all admins when other admins reset their password? – Select Yes, if you want an email to be sent to the other administrators’ email addresses when any administrator resets their password using self-service password reset.
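
The rules from the sections above, written as a check over a hand-recorded copy of the tenant's SSPR settings. This is an added example, not part of the original article; the dictionary keys and sample values are hypothetical and constructed here, not a Microsoft export format.

```python
# Added example: key names are hypothetical, not a Microsoft export format.
SAMPLE = {  # constructed settings, recorded by hand from the portal pages
    "enabled_for": "Selected",            # All | None | Selected
    "selected_groups": ["SSPR-Pilot", "Helpdesk"],
    "methods_required": 2,                # 1 or 2
    "methods": ["Email", "Security questions"],
    "questions_to_register": 3,
    "questions_to_reset": 5,
    "reconfirm_days": 0,                  # 0..730, 0 = never re-prompt
    "notify_users": False,
    "notify_admins": True,
}

def review_sspr(cfg):
    """Return (errors, notes): errors break a rule stated in the article,
    notes are settings worth a second look before rollout."""
    errors, notes = [], []
    scope = cfg["enabled_for"]
    if scope not in ("All", "None", "Selected"):
        errors.append("enabled_for must be All, None or Selected")
    if scope == "Selected" and len(cfg.get("selected_groups", [])) != 1:
        errors.append("Selected takes exactly one group")
    if cfg["methods_required"] not in (1, 2):
        errors.append("methods_required must be 1 or 2")
    elif len(cfg["methods"]) < cfg["methods_required"]:
        errors.append("fewer methods enabled than required to reset")
    if "Security questions" in cfg["methods"]:
        if cfg["questions_to_register"] < cfg["questions_to_reset"]:
            errors.append("questions_to_register must be >= questions_to_reset")
    days = cfg["reconfirm_days"]
    if not 0 <= days <= 730:
        errors.append("reconfirm_days must be between 0 and 730")
    elif days == 0:
        notes.append("reconfirm_days=0: users are never re-prompted")
    if not cfg["notify_users"]:
        notes.append("users get no email when their password is reset")
    if not cfg["notify_admins"]:
        notes.append("admins are not told when another admin resets")
    return errors, notes

if __name__ == "__main__":
    errs, notes = review_sspr(SAMPLE)
    for e in errs:
        print("ERROR:", e)
    for n in notes:
        print("NOTE: ", n)
```
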

Password-Reset Helpdesk

  • You can customize the helpdesk link from this section.
  • In the left-hand navigation, click on Customization.
  • Customize helpdesk link – Choose whether to override the out-of-the-box "Contact your administrator" link, which lets users contact a service administrator directly, and point it to a custom location instead.
  • Custom helpdesk email or URL – Place your custom link here. If you provide an email address, it will turn into a mailto: link. If you provide a link, it will open in a new window.

© 2024 Code SharePoint