skip to Main Content

Enable Self-Service Password Reset

We like to give the users the option to reset their Microsoft 365/Office 365 password. The feature Azure AD Self-Service Password Reset is available for selected users or all the users. Configure Self-Service Password Reset (SSPR) for cloud-only tenant or hybrid deployments.

Introduction

Before you start to implement Self-Service Password Reset (SSPR) for the users, it’s good to know where you need to enable SSPR:

  • Cloud-only tenant: Enable SSPR in Azure AD.
  • Hybrid deployment: Enable SSPR in Azure AD and enable password writeback in Azure AD Connect.

In the article, we will look at both the above options.

Microsoft did create excellent Self-Service Password Reset rollout materials that you can download, edit and send to the users.

Enable SSPR in Azure AD

To enable Self-Service Password Reset in Azure AD, you have to sign in to the Azure portal. Click on the menu button and click Azure Active Directory.

Self-Service Password Reset Azure Active Directory

Click in the menu on Password reset.

Password reset in Azure Active Directory

Click in the menu on Properties. Click on All and Save.

We recommend you to enable Self-Service Password Reset for All users. It’s one of the recommendations from the Microsoft Secure Score.

Self-Service Password Reset enable for all users

If you have a cloud-only tenant, you’re all set. The users can register for Self-Service Password Reset from the link https://aka.ms/ssprsetup. After it’s set up, they can use the link https://aka.ms/sspr to reset their password.

Do you have a hybrid deployment? Follow the next step.

Enable SSPR in Hybrid deployment

Make sure that you did enable Self-Service Password Reset in the previous step. It needs to be enabled in Azure AD before you proceed further and enable password writeback feature in Azure AD Connect.

Enable password writeback in Azure AD Connect

Log in to the Azure AD Connect on-premises server. Start the application Azure AD Connect. On the setup wizard welcome screen, click on Configure.

Azure AD Connect welcome screen

Click Customize synchronization options. Click Next.

Azure AD Connect customize synchronization options

Enter your Azure AD global administrator credentials. Click Next.

Connect to Azure AD

Click a couple of times on Next to go through the wizard till you reach the Optional Features screen.

Check the checkbox Password writeback. Click Next.

Azure AD Connect password writeback enable

Click Configure.

Azure AD Connect ready to configure

The configuration did complete. Click Exit.

Azure AD Connect configuration complete

In the Azure portal, navigate to Azure AD password reset.

Click in the menu on On-premises integration. It shows that your on-premises writeback client is up and running.

Self-Service Password Reset on-premises integration

The users can register for Self-Service Password Reset from the link https://aka.ms/ssprsetup. After it’s set up, they can use the link https://aka.ms/sspr to reset their password.

Read more: Secure MFA and SSPR registration with Conditional Access »

Conclusion

In this article, we discussed how to enable Self-Service Password Reset. Enable SSPR in Azure Active Directory if you have a cloud-only tenant. Do you have a hybrid deployment? Enable SSPR in Azure Active Directory and enable password writeback in Azure AD Connect.

Help the service desk team and configure Self-Service Password Reset. They will get fewer phone calls with requests to reset the user password. Once the users call, they can redirect them to the SSPR URL. The users will reset their password, which will take less time and effort from the service desk.

Did you enjoy this article? You may also like . Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *