Cloud Security – Azure Active Directory authentication – self-service password reset – Part 2

Hi All,
LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂
In last article Cloud Security – Azure Active Directory authentication – Part 1 we discussed bit about Azure AD Authentication and Authentication methods.
In this article we will discuss about self-service password reset feature of Azure AD and its importance.
Take Away from this article: Lots of stuff, please read article to understand better.
- What is Azure AD Self-Service password reset (SSPR)?
- How to enable the AD Self-Service password reset (SSPR) for users
- Study material for the exam – AZ-500 : Microsoft Azure Security Technologies
What is Azure AD Self-Service password reset (SSPR)?
- SSPR is the way to allow users to change or reset their password without any admin help or help-desk involvement or any service ticket need to create for IT
- This helps users to quickly change/reset password in case they forget or account is locked. This improves the productivity of users by getting back to work fast and saves lots of time
- SSPR allows to reset expired password as well
- Main advantage of SSPR is reduce IT cost by not requiring the IT support
- Robust audit logging is available which tracks user activities so Administrator can monitor the respective activities
How to enable self-service password reset?
- To enable self-service password reset we need an account with Global Administrator rights
- Sign in to Azure portal (portal.azure.com) with an account having Global Administrator rights.

- Click on “Manage Azure Active Directory” as shown in above figure.
- We will be redirected to “Active Directory Menu Blade” page as

- In above figure, please click on “Password reset” option
- We will be redirected to “Password reset” properties as

- Please have a look at warning on the page as shown in above figure. SSPR requires at least two authentication methods to reset their own password.
- There are three options available for Administrators for SSPR
- None – SSPR is disabled for all the users
- Selected –
- SSPR is enabled for selected groups.
- This option is useful for testing purpose or for pilot run.

- All – SSPR is enabled for all users in the organization
Setting Authentication Method after enabling the SSPR?
- As we discussed in last point that SSPR requires at least two authentication methods to reset their own password.
- So lets discuss how to setting up authentication methods
- From “Password reset” properties page we have an option of “Authentication methods” option as

- We are not going to discuss each authentication method in this article, we will discuss those in coming subsequent articles 🙂
- Now once we enabled SSPR, when we login to portal we get an popup – asking for additional information as

- Click on “Next” button, we will be redirected to password register page if we know the current password.

- Please click on “re-enter my password” button as shown in above figure
- We will be redirect the page as shown in below figure – Either to enter current password or to reset password with the help of “Forgot my password” as shown in below figure

- Here, I’ll go for “Forgot my password” link to verify “Self-Service password reset (SSPR)” option as

- Notice the message “Get back into your account” this means it enables me now to reset my own password
- Please enter the respective information on the page and click on “Next” button as shown in above figure

- Observe the “Verification step 1” – Email. We have selected Authentication method 1 as Email. Please have a look at Fig – “Fig: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Properties >> Enabling SSPR for selected group >> Setting up Authentication methods”
- Once you click on “Email” button, you will receive the verification code in your respective email box as

- We will be redirected to done page as

- User is successfully able to receive the password.
What Next?
- How to configure notifications and customization when SSPR event happens
- Audit Logging
We have one more article on SSPR – Azure Identity And Access Management Part 9 – Azure Active Directory – Self-Service Password Reset (SSPR)
We have detailed series on Azure Active Directory, please have a look – https://knowledge-junction.in/category/azure-active-directory/
References
- What authentication and verification methods are available in Azure Active Directory?
- Reset your work or school password using security info
- Let users reset their own passwords
- Licensing requirements for Azure Active Directory self-service password reset
- Password management frequently asked questions
Thanks for reading 🙂 If its worth at least reading once, kindly please like and share. SHARING IS CARING 🙂
Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂
Very nicely explained.. thanks for sharing
Thanks 🙂