Enable Microsoft Entra Self-Service Password Reset (SSPR)
We want to allow users to reset their own Microsoft 365 password. The feature to configure is Microsoft Entra Self-Service Password Reset, which you can enable for selected users or all users. In this article, you will learn how to enable Microsoft Entra Self-Service Password Reset (SSPR) for cloud-only or hybrid deployment environments.
Self-Service Password Reset (SSPR)
Before you start to implement Self-Service Password Reset (SSPR) for the users, it’s good to know where you need to enable SSPR:
- Cloud-only tenant: Enable SSPR in Microsoft Entra ID
- Hybrid deployment: Enable SSPR in Microsoft Entra ID, enable password writeback in Microsoft Entra Connect Sync, and enable password writeback in Microsoft Entra ID
In this article, we will look at both options.
Note: Microsoft created excellent Self-Service Password Reset rollout materials that you can download, edit, and send to the users.
Self-Service Password Reset license requirements
Check the table below to see which Self-Service Password Reset features are available with your organization's license:
Feature | Microsoft Entra ID Free | Microsoft 365 Business Standard | Microsoft 365 Business Premium | Microsoft Entra ID P1 or P2 |
---|---|---|---|---|
Cloud-only user password change: when a user in Microsoft Entra ID knows their password and wants to change it to something new. | ✓ | ✓ | ✓ | ✓ |
Cloud-only user password reset: when a user in Microsoft Entra ID has forgotten their password and needs to reset it. | ☓ | ✓ | ✓ | ✓ |
Hybrid user password change or reset with on-prem writeback: when a user in Microsoft Entra ID who is synchronized from an on-premises directory using Microsoft Entra Connect wants to change or reset their password and also write the new password back to on-prem. | ☓ | ☓ | ✓ | ✓ |
How to enable Self-Service Password Reset in cloud-only tenant
To enable Self-Service Password Reset in a cloud-only tenant, follow these steps:
- Sign in to Microsoft Entra admin center
- Expand Identity > Protection > Password reset
- Click on Properties
- Select All and Save
Note: We recommend you enable Self-Service Password Reset for All users. It’s one of the recommendations from the Microsoft Secure Score.
You successfully configured Self-Service Password Reset for the cloud-only tenant.
The users can register for Self-Service Password Reset from the link https://aka.ms/ssprsetup. After it’s set up, they can use the link https://aka.ms/sspr to reset their password.
Do you have a hybrid deployment (on-premises and cloud)? Follow the next step.
How to enable Self-Service Password Reset in Hybrid deployment
To enable Self-Service Password Reset in Hybrid deployment, follow these steps:
1. Enable Self-Service Password Reset in Microsoft Entra ID
Make sure you enable Self-Service Password Reset in Microsoft Entra ID, as shown in the previous step, before you proceed further.
2. Enable password writeback in Microsoft Entra Connect Sync
- Sign in to Microsoft Entra Connect Sync server
- Start the application Azure AD Connect
- On the setup wizard welcome screen, click on Configure
- Click Customize synchronization options
- Click Next
- Enter your Microsoft Entra ID global administrator credentials
- Click Next
- Click a couple of times on Next to go through the wizard till you reach the Optional Features screen
- Check the checkbox Password writeback
- Click Next
- Click Configure
- The configuration completed successfully
- Click Exit
3. Enable password writeback in Microsoft Entra ID
- Sign in to Microsoft Entra admin center
- Expand Identity > Protection > Password reset
- Click on On-premises integration
- Select all checkboxes
- Click Save
You successfully configured Self-Service Password Reset for the Hybrid environment.
The users can register for Self-Service Password Reset from the link https://aka.ms/ssprsetup. After it’s set up, they can use the link https://aka.ms/sspr to reset their password.
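Enabling SSPR only puts users in scope; they can reset a password only after they register. The following check reports that coverage through Microsoft Graph PowerShell. It is an added example, not part of the original article, and it assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Reports modules are installed and that the signed-in account may use the AuditLog.Read.All scope; the CSV file name is a placeholder.

```powershell
# Added example: measure SSPR coverage after enabling it for All users.
# Assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Reports
# modules are installed.
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# One record per user; -All pages through the whole tenant.
$details = @(Get-MgReportAuthenticationMethodUserRegistrationDetail -All)

# IsSsprEnabled    = the user is in scope of the SSPR policy
# IsSsprRegistered = the user has registered enough reset methods
# IsSsprCapable    = enabled AND registered, so a reset will actually work
$summary = [pscustomobject]@{
    TotalUsers     = $details.Count
    SsprEnabled    = @($details | Where-Object { $_.IsSsprEnabled }).Count
    SsprRegistered = @($details | Where-Object { $_.IsSsprRegistered }).Count
    SsprCapable    = @($details | Where-Object { $_.IsSsprCapable }).Count
}
$summary | Format-List

# Users who are in scope but have not registered yet. These are the
# accounts to target with the https://aka.ms/ssprsetup link.
$pending = $details |
    Where-Object { $_.IsSsprEnabled -and -not $_.IsSsprRegistered } |
    Sort-Object UserPrincipalName |
    Select-Object UserPrincipalName, UserType, IsAdmin, IsMfaRegistered

$pending | Format-Table -AutoSize

# Placeholder output path for follow-up with the service desk.
$pending | Export-Csv -Path '.\sspr-not-registered.csv' -NoTypeInformation

# Accounts that are registered but not in scope indicate that SSPR is
# still set to Selected (or None) rather than All.
$details |
    Where-Object { $_.IsSsprRegistered -and -not $_.IsSsprEnabled } |
    Select-Object UserPrincipalName, UserType |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

A `SsprEnabled` count that is well below `TotalUsers` after you selected All usually means the report has not refreshed yet; check the `LastUpdatedDateTime` property on the records before drawing conclusions.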
Read more: Secure MFA and SSPR registration with Conditional Access »
Conclusion
You learned how to enable Microsoft Entra Self-Service Password Reset. Enable SSPR and password writeback in Microsoft Entra ID if you have a cloud-only tenant. Do you have a hybrid environment? Enable SSPR and password writeback in Microsoft Entra ID and enable password writeback in Microsoft Entra Connect Sync.
Configure Self-Service Password Reset to help the service desk team. They will get fewer phone calls with requests to reset user passwords. When users do call, the service desk can redirect them to the SSPR URL. The users will reset their own password, which takes less time and effort from the service desk.