Reduce your Help Desk bill with self-service password resets
Every time a user wants to reset their password, they must send a password reset request to the Mason Infotech help desk. Since this is a time-consuming and inefficient approach, it is inconvenient for the users and can become expensive for our clients. Now, it’s time to allow users to opt for self-service password resets across their 365 products.
Pre-Requisites:
Before trying to set up self-service password resets, make sure you have the following:
- An active tenant with Azure AD/Entra ID.
- A global administrator account
- A non-administrator for testing
Configuring Self-Service Password Reset:
Perform the following steps via Azure AD/EntraID:
- Sign in to Azure AD/Entra ID portal with a global admin account.
- Navigate to Azure Active Directory / Entra ID –> Password Reset –> Properties.
- Enable SSPR for ‘Selected/All’ groups based on your needs. You can enable self-service password reset only for one Azure AD group in the Azure portal.
Set up Authentication Method and Registration Configuration for the Users
Self-Service Password Reset Authentication Methods
When users attempt to reset their password, Microsoft will require them to prove their identity using other verification methods. Let’s see how to configure SSPR authentication methods.
- Select ‘Authentication Methods’ under password reset.
- Choose the number of methods required to reset the password.
- Choose any of the given authentication methods such as email, MS authenticator app, etc.
Self-Service Password Reset Registration:
Under Registration, admins can specify whether users must register their authentication methods or not. It is up to the admins to specify the authentication methods users may use to register.
- Select ‘Yes’ if registration is required. Unregistered users get prompted to register their authentication information during their first sign-in.
- If the registration is set to ‘No’, admins have to manually instruct the users to register authentication information directly from the registration portal URL.
- Set the number of days (which must be between 0 and 730) before users are asked to re-confirm their authentication information.
- Users can also view their registered authentication methods under ‘Security info’ which can be modified or deleted as per their needs.
Test Self Service Password Reset (SSPR) with a Non-administrator Account
Once you have set up SSPR, you can test the SSPR with a non-administrator account that is enabled with SSPR. Perform the following steps to test SSPR with a user account.
- To complete the registration process, go to the link https://aka.ms/ssprsetup.
- Log in with a user account for which SSPR is specified, and specify your contact information, such as the phone number or email address.
- Once this is done, open https://aka.ms/sspr.
- Enter your account information, given captcha, and then select Next.
- You will now be prompted to verify your email or phone number or whatever authentication method you have specified.
- After the verification, you will be prompted to reset your password. Specify the new password to reset the old password.