How to enable users to unlock or reset passwords using Azure AD

With Azure Active Directory (AD) self-service password reset (SSPR), users can change or reset their password without administrator involvement.

Step 1: Enable Azure AD self-service password reset

  1. Sign in to the Azure portal using a global administrator.
  2. Go to Azure Active Directory, then select Password reset from the menu on the left side.

3. From the Properties page, under the option Self service password reset enabled, click on Select group. Browse and select your Azure AD group, Test Group in our example.

4. Click Save to enable SSPR for the selected group,

Step 2: Select authentication methods and registration options

  1. Click on  Authentication methods on the left side pan, you have options to select 1or 2 Number of methods required to reset.
  2. Select 1 in our example. Then choose the Methods available to users that your organization wants to allow, for example Email and Mobile phone.
    Email
    Mobile phone

3. To apply the authentication methods, select Save.

Step 4: Register users’ contact information

  1. From the menu on the left side of the Registration page, select Yes for Require users to register when signing in.
  2. Set Number of days before users are asked to reconfirm their authentication information to 180.It’s important to keep the contact information up to date. If outdated contact information exists when an SSPR event starts, the user may not be able to unlock their account or reset their password.
  3. To apply the registration settings, select Save.

Step 5: Test self-service password reset

  1. To see the manual registration process, open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/ssprsetup. Azure AD will direct users to this registration portal when they sign in next time.
  2. Sign in with a non-administrator test user, like testuser, and register your authentication methods contact information.
  3. Once finished, select the button marked Looks good and close the browser window.
  4. Open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/sspr.
  5. Enter your non-administrator test users’ account information, like testuser, the characters from the CAPTCHA, and then select Next.
  6. Follow the verification steps to reset your password. When finished, you’ll receive an email notification that your password was reset.

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com