Cloud Security – Azure Active Directory authentication – self-service password reset – Part 2

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂

In last article Cloud Security – Azure Active Directory authentication – Part 1 we discussed bit about Azure AD Authentication and Authentication methods.

In this article we will discuss about self-service password reset feature of Azure AD and its importance.

Take Away from this article: Lots of stuff, please read article to understand better.

• What is Azure AD Self-Service password reset (SSPR)?
• How to enable the AD Self-Service password reset (SSPR) for users
• Study material for the exam – AZ-500 : Microsoft Azure Security Technologies 

What is Azure AD Self-Service password reset (SSPR)?

• SSPR is the way to allow users to change or reset their password without any admin help or help-desk involvement or any service ticket need to create for IT
• This helps users to quickly change/reset password in case they forget or account is locked. This improves the productivity of users by getting back to work fast and saves lots of time
• SSPR allows to reset expired password as well
• Main advantage of SSPR is reduce IT cost by not requiring the IT support
• Robust audit logging is available which tracks user activities so Administrator can monitor the respective activities

How to enable self-service password reset?

• To enable self-service password reset we need an account with Global Administrator rights
• Sign in to Azure portal (portal.azure.com) with an account having Global Administrator rights.

• Click on “Manage Azure Active Directory” as shown in above figure.
• We will be redirected to “Active Directory Menu Blade” page as

• In above figure, please click on “Password reset” option
• We will be redirected to “Password reset” properties as

• Please have a look at warning on the page as shown in above figure. SSPR requires at least two authentication methods to reset their own password.
• There are three options available for Administrators for SSPR
  • None – SSPR is disabled for all the users
  • Selected –
    • SSPR is enabled for selected groups.
    • This option is useful for testing purpose or for pilot run.

• All – SSPR is enabled for all users in the organization

Setting Authentication Method after enabling the SSPR?

• As we discussed in last point that SSPR requires at least two authentication methods to reset their own password.
• So lets discuss how to setting up authentication methods
• From “Password reset” properties page we have an option of “Authentication methods” option as

• We are not going to discuss each authentication method in this article, we will discuss those in coming subsequent articles 🙂
• Now once we enabled SSPR, when we login to portal we get an popup – asking for additional information as

• Click on “Next” button, we will be redirected to password register page if we know the current password.

• Please click on “re-enter my password” button as shown in above figure
• We will be redirect the page as shown in below figure – Either to enter current password or to reset password with the help of “Forgot my password” as shown in below figure

• Here, I’ll go for “Forgot my password” link to verify “Self-Service password reset (SSPR)” option as

• Notice the message “Get back into your account” this means it enables me now to reset my own password
• Please enter the respective information on the page and click on “Next” button as shown in above figure

• Observe the “Verification step 1” – Email. We have selected Authentication method 1 as Email. Please have a look at Fig – “Fig: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Properties >> Enabling SSPR for selected group >> Setting up Authentication methods”
• Once you click on “Email” button, you will receive the verification code in your respective email box as

• We will be redirected to done page as

• User is successfully able to receive the password.

What Next?

• How to configure notifications and customization when SSPR event happens
• Audit Logging

We have one more article on SSPR – Azure Identity And Access Management Part 9 – Azure Active Directory – Self-Service Password Reset (SSPR)

We have detailed series on Azure Active Directory, please have a look – https://knowledge-junction.in/category/azure-active-directory/

References

• What authentication and verification methods are available in Azure Active Directory?
• Reset your work or school password using security info
• Let users reset their own passwords
• Licensing requirements for Azure Active Directory self-service password reset
• Password management frequently asked questions

Thanks for reading 🙂 If its worth at least reading once, kindly please like and share. SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂