Demo: Azure AD self service password reset (SSPR)
This demo maps to the following Learn content:
- Learning Path: Describe the capabilities of Azure Active Directory (Azure AD), part of Microsoft Entra
- Module: Describe the authentication capabilities of Azure AD
- Unit: Describe self-service password reset in Azure AD
Demo scenario
In this demo, you’ll walk through the various settings associated with enabling self-service password reset.
- Go to the Contoso – Microsoft Azure tab that is open in your browser. If you previously closed the tab, open a browser page, enter portal.azure.com in the address bar, and select Azure Active Directory. You should be logged in to the Azure portal as admin; if not, sign back in.
- From the left navigation pane, select Password reset.
- The Properties tab is highlighted. In the Properties window, notice that SSPR can be enabled for None, Selected, or All.
- Put your cursor over the information icon next to where it says “Self service password reset enabled,” and call out that you can choose “Selected” to restrict password reset to a limited group of users, as opposed to selecting None or All.
- Put your cursor over the information icon next to where it says “Select group” and call out that this is where you identify the group of users who are allowed to reset their own passwords. You must include users in the group; you can’t select users individually. Also, if you change the group, the group you select replaces the group currently listed. As such, it’s recommended that you add users to the SSPR group.
- Note the light blue information box and call it out to learners: These settings only apply to end users in your organization. Admins are always enabled for self-service password reset and are required to use two authentication methods to reset their password.
- From the left navigation panel of Password reset, select Authentication Methods.
- Put your cursor over the information icon next to where it says “Number of methods required to reset”. Call out that this sets the number of alternate methods of identification a user in this directory must have to reset their password. Do not change the setting.
- Call out the different “methods available to users”, including the point that SSPR supports security questions. Select Security questions to show the options for using security questions. After you’re done speaking about the options, go back and select Security questions again to remove the checkmark.
- From the left navigation panel of Password reset, select Registration.
- Hover your mouse over the information icon next to where it says, “Require users to register when signing in”. Call this out to the users.
- Hover your mouse over the information icon next to where it says, “Number of days before users are asked to reconfirm their authentication information”. Call this out to the users.
- From the left navigation panel of Password reset, select Notifications. Call out the two settings – hover your mouse over the information icon for the description.
- Note how the Password reset navigation pane also includes options to view audit logs and Usage & insights.
- Select the X on the top right corner of the page. This returns you to the main page for the Contoso tenant.
- Keep this browser page open for the next demo.
Review
In this demo, you showed the settings associated with self-service password reset.