Enable Microsoft Entra Self-Service Password Reset (SSPR)

We like to allow users to reset their Microsoft 365 password. The feature we have to configure is Microsoft Entra Self-Service Password Reset, which you can set for selected users or all users. In this article, you will learn how to enable Microsoft Entra Self-Service Password Reset (SSPR) for cloud-only or hybrid deployment environments.

Table of contents

Self-Service Password Reset (SSPR)

Before you start to implement Self-Service Password Reset (SSPR) for the users, it’s good to know where you need to enable SSPR:

  • Cloud-only tenant: Enable SSPR in Microsoft Entra ID
  • Hybrid deployment: Enable SSPR in Microsoft Entra ID, enable password writeback in Microsoft Entra Connect Sync, and enable password writeback in Microsoft Entra ID

In the article, we will look at both the above options.

Note: Microsoft did create excellent Self-Service Password Reset rollout materials that you can download, edit and send to the users.

Self-Service Password Reset license requirements

Check which Self-Service Password Reset features are available for your organization license in the below table:

FeatureMicrosoft Entra ID FreeMicrosoft 365 Business StandardMicrosoft 365 Business PremiumMicrosoft Entra ID P1 or P2
Cloud-only user password change
When a user in Microsoft Entra ID knows their password and wants to change it to something new.
Cloud-only user password reset
When a user in Microsoft Entra ID has forgotten their password and needs to reset it.
Hybrid user password change or reset with on-prem writeback
When a user in Microsoft Entra that’s synchronized from an on-premises directory using Microsoft Entra Connect wants to change or reset their password and also write the new password back to on-prem.

How to enable Self-Service Password Reset in cloud-only tenant

To enable Self-Service Password Reset in cloud only tenant, follow the below steps:

  1. Sign in to Microsoft Entra admin center
  2. Expand Identity > Protection > Password reset
  3. Click on Properties
  4. Select All and Save

Note: We recommend you enable Self-Service Password Reset for All users. It’s one of the recommendations from the Microsoft Secure Score.

Enable Microsoft Entra Self-Service Password Reset for all users

You did successfully configure Self-Service Password Reset for the cloud-only tenant.

The users can register for Self-Service Password Reset from the link https://aka.ms/ssprsetup. After it’s set up, they can use the link https://aka.ms/sspr to reset their password.

Do you have a hybrid deployment (on-premises and cloud)? Follow the next step.

How to enable Self-Service Password Reset in Hybrid deployment

To enable Self-Service Password Reset in Hybrid deployment, follow these steps:

1. Enable Self-Service Password Reset in Microsoft Entra ID

Make sure you enable Self-Service Password Reset in Microsoft Entra ID, as shown in the previous step before you proceed further.

2. Enable password writeback in Microsoft Entra Connect Sync

  1. Sign in to Microsoft Entra Connect Sync server
  2. Start the application Azure AD Connect
  3. On the setup wizard welcome screen, click on Configure
Microsoft Entra Connect Sync welcome screen
  1. Click Customize synchronization options
  2. Click Next
Microsoft Entra Connect Sync customize synchronization options
  1. Enter your Microsoft Entra ID global administrator credentials
  2. Click Next
Connect to Microsoft Entra ID
  1. Click a couple of times on Next to go through the wizard till you reach the Optional Features screen
  2. Check the checkbox Password writeback
  3. Click Next
Enable Password writeback in Microsoft Enra Connect Sync
  1. Click Configure
Microsoft Entra Connect Sync ready to configure
  1. The configuration did complete successfully
  2. Click Exit
Microsoft Entra Connect Sync configuration complete

3. Enable password writeback in Microsoft Entra ID

  1. Sign in to Microsoft Entra admin center
  2. Expand Identity > Protection > Password reset
  3. Click on On-premises integration
  4. Select all checkboxes
  5. Click Save
Enable Microsoft Entra password reset for on-premises integration

You did successfully configure Self-Service Password Reset for the Hybrid environment.

The users can register for Self-Service Password Reset from the link https://aka.ms/ssprsetup. After it’s set up, they can use the link https://aka.ms/sspr to reset their password.

Read more: Secure MFA and SSPR registration with Conditional Access »

Conclusion

You learned how to enable Microsoft Entra Self-Service Password Reset. Enable SSPR and password writeback in Microsoft Entra ID if you have a cloud-only tenant. Do you have a hybrid environment? Enable SSPR and password writeback in Microsoft Entra ID and enable password writeback in Microsoft Entra Connect Sync.

Help the service desk team and configure Self-Service Password Reset. They will get fewer phone calls with requests to reset the user password. Once the users call, they can redirect them to the SSPR URL. The users will reset their own password, which will take less time and effort from the service desk.

Did you enjoy this article? You may also like Configure Microsoft Entra Password Protection for on-premises. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *