Azure AD SSPR (Self-Service Password Reset) - Walkthrough

As the name suggests, this is a great feature that lets you reset your own password rather than calling the service desk or bothering the AD admins.

Before we see how to enable this feature, let's understand its prerequisites. There are a few scenarios to understand for password reset, change, unlock, and writeback (in the case of hybrid identity), along with their AD license requirements -

- Self-Service Password Change for cloud users
  - I am a cloud-only user and know my password.
    - I would like to change my password to something new.
  - This functionality is included in all editions of Azure AD.

- Self-Service Password Reset for cloud users
  - I am a cloud-only user and have forgotten my password.
    - I would like to reset my password to something I know.
  - This functionality is included in Azure AD Premium P1 or P2, Microsoft 365 Business, or Office 365.

- Self-Service Password Reset/Change/Unlock with on-premises writeback
  - I am a hybrid user: my on-premises Active Directory user account is synchronized with my Azure AD account using Azure AD Connect. I would like to change my password, have forgotten my password, or have been locked out.
    - I would like to change my password or reset it to something I know, or unlock my account, and have that change synchronized back to on-premises Active Directory.
  - This functionality is included in Azure AD Premium P1 or P2, or Microsoft 365 Business.





Before people can register for SSPR, we need to enable the feature. To enable it, go to Azure Active Directory and select Password reset, as shown.



Once you select Password reset, you land on the page below, where under Settings you can choose whether to enable this feature for selected users, all users, or none. Select accordingly (shown below).




We selected all users in our demo, as shown above. Next we need to set the authentication methods; you can select 1 or 2 methods. We selected Email and Mobile phone as the authentication methods and set the number of methods required to reset to 1, as shown below -




Most importantly, we are now requiring all users to register their authentication method for SSPR, so make sure you have sent a communication to all of your users. As shown in the snippet below, we have 180 days to enable it.



We have now enabled SSPR registration for all users, with email and mobile phone as the authentication methods. From now on, whenever users log in they will be prompted to set this up, as shown below -




Once you click Next, you will see both authentication methods that we selected (shown below).







Once you have set up your authentication method for SSPR, it is time to check the registration. Click "Can't access your account" and it will ask you to verify your ID so that it can prompt you for the SSPR authentication method, as shown below -



Below is the screen where you enter your ID and the captcha -


Enter your mobile number to receive the verification code; you can then reset your password on the next screen.
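After rollout, an admin will want to know which users have not yet registered a method the policy accepts. The following is an added example, not part of the original post: it evaluates records shaped like the Microsoft Graph userRegistrationDetails report against the policy configured above (Email and Mobile phone, 1 method required). The sample records and the contoso.example names are constructed.

```python
import json

# Policy from the walkthrough: Email and Mobile phone allowed, 1 method required.
ALLOWED_METHODS = {"email", "mobilePhone"}
METHODS_REQUIRED = 1

# Constructed sample shaped like the Microsoft Graph response from
# GET /reports/authenticationMethods/userRegistrationDetails (not real tenant data).
SAMPLE_RESPONSE = json.dumps({"value": [
    {"userPrincipalName": "alice@contoso.example", "isSsprEnabled": True,
     "methodsRegistered": ["email", "mobilePhone"]},
    {"userPrincipalName": "bob@contoso.example", "isSsprEnabled": True,
     "methodsRegistered": []},
    {"userPrincipalName": "carol@contoso.example", "isSsprEnabled": True,
     "methodsRegistered": ["microsoftAuthenticatorPush"]},
    {"userPrincipalName": "dave@contoso.example", "isSsprEnabled": False,
     "methodsRegistered": ["mobilePhone"]},
]})


def classify(user):
    """Return 'ready', 'not_in_scope' or 'needs_registration' for one record."""
    if not user.get("isSsprEnabled", False):
        return "not_in_scope"  # the SSPR policy does not apply to this user
    # Only methods the policy allows count toward the required number.
    usable = ALLOWED_METHODS & set(user.get("methodsRegistered") or [])
    if len(usable) >= METHODS_REQUIRED:
        return "ready"
    return "needs_registration"


def sspr_report(response_text):
    """Group user principal names by SSPR readiness."""
    report = {"ready": [], "not_in_scope": [], "needs_registration": []}
    for user in json.loads(response_text).get("value", []):
        report[classify(user)].append(user["userPrincipalName"])
    return report


if __name__ == "__main__":
    for status, users in sspr_report(SAMPLE_RESPONSE).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Users in the needs_registration group are the ones to target with the registration communication; a user who registered only a method the policy does not allow (carol in the sample) still cannot reset their password.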

