Microsoft Entra self-service password reset (SSPR) allows users to change or reset the password on their own. It does not require support from the helpdesk.
To allow the user to change or reset the password, the following authentication methods are available for Microsoft Entra self-service password reset (SSPR):
- Mobile app notification
- Mobile app code
- Mobile phone (SMS only)
- Office phone
- Security questions
Which of the above authentication methods are available is determined by the administrator and may require partial preparatory tasks.
Microsoft Entra self-service password reset (SSPR) supports Passthrough Authentication (PTA) and Password Hash Sync (PHS).
Prerequisites and Licensing
Depending on the required functionality of Microsoft Entra self-service password reset (SSPR), different licenses are required:
| Microsoft Entra ID Free | Microsoft 365 Business / Standard | Microsoft 365 Business Premium | Microsoft Entra ID P1 / P2 | |
|---|---|---|---|---|
| User password change (Cloud only) | x | x | x | x |
| User password reset (Cloud only) | x | x | x | |
| Change or reset password in Hybrid scenario with Microsoft Entra Connect | x | x |
An overview of Microsoft 365 license packages with their features can be found at https://m365maps.com.
Configuration Microsoft Entra Connect
If Microsoft Entra Connect is not used, this section can be skipped.
Microsoft Entra self-service password reset (SSPR) requires Microsoft Entra Connect with the optional feature Password writeback.
Connect with a global administrator to Microsoft Entra ID.
Connect with a local administrator to Active Directory.
Select Password writeback
Enable single sign-on (SSO) to increase user convenience.
The configuration is now being checked and can be started.
After completing the configuration, close Microsoft Entra Connect to start synchronization.
The successful activation of Password writeback can be seen under Microsoft Entra ID > Monitoring > Audit Logs.
Microsoft Entra Connect is now prepared for Microsoft Entra self-service password reset (SSPR).
Configuration Microsoft Entra self-service password reset (SSPR)
The following settings can be made in the Azure Portal (https://portal.azure.com) under Microsoft Entra ID > Password reset.
Enable Password Reset
Under Properties, it is specified which users can change or reset the password independently. The options are All or defined user groups.
WARNING: Members of this group will receive a prompt to update the security information after activation. It makes sense to inform the users about this step in advance.
Authentication methods
The authentication methods specify which methods may be used for verification by a user.
To ensure increased safety, 2 verification methods are necessary.
The following authentication methods are available:
- Mobile app notification
- Mobile app code
- Mobile phone (SMS only)
- Office phone
- Security questions
Password Reset Registration
In order to be able to change or reset the password in case of need, it requires the registration of the authentication methods of each user.
When sign in for the first time, the user is prompted to complete the security information.
The security information must be confirmed recurrently. This can be configured between 0 days (no confirmation) to a maximum of 730 days.
On-premises integration
When using Microsoft Entra Connect or Microsoft Entra Cloud Sync, password write back must be enabled.
User password change
The user can independently change the password at https://myaccount.microsoft.com/.
If all security information is not yet available, a prompt to complete the security information will appear after login.
Select Overview > Change Password
Enter new password – done!
User password reset
To reset a forgotten password, just click on Forgot my password, you will now then verify yourself with the previously registered authentication methods and are aible to reset the password.
Follow me on LinkedIn and get informed about my latest posts.
Was this post helpful to you? Show your enthusiasm with the delightful aroma of a freshly brewed coffee for me!
