Azure AD - Self-Service Password Reset

Cloud Security – Azure Active Directory authentication – self-service password reset – Part 2

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂

In the last article, Cloud Security – Azure Active Directory authentication – Part 1, we discussed a bit about Azure AD authentication and authentication methods.

In this article we will discuss the self-service password reset feature of Azure AD and its importance.

Takeaways from this article: lots of stuff, please read the article to understand better.

  • What is Azure AD Self-Service password reset (SSPR)?
  • How to enable the AD Self-Service password reset (SSPR) for users
  • Study material for the exam – AZ-500 : Microsoft Azure Security Technologies 

What is Azure AD Self-Service password reset (SSPR)?

  • SSPR allows users to change or reset their password without any admin or help-desk involvement, and without creating a service ticket for IT.
  • This helps users quickly change or reset their password if they forget it or their account is locked. It improves productivity by getting users back to work fast and saves a lot of time.
  • SSPR also allows users to reset an expired password.
  • The main advantage of SSPR is reduced IT cost, since IT support is not required.
  • Robust audit logging is available, which tracks user activities so that administrators can monitor them.

How to enable self-service password reset?

  • To enable self-service password reset, we need an account with Global Administrator rights.
  • Sign in to the Azure portal (portal.azure.com) with an account that has Global Administrator rights.
Fig1: Azure AD – Azure AD Portal
  • Click on “Manage Azure Active Directory” as shown in the above figure.
  • We will be redirected to the “Active Directory Menu Blade” page, as shown below:
Fig2: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset option in left side menu
  • In the above figure, click on the “Password reset” option.
  • We will be redirected to the “Password reset” properties page, as shown below:
Fig3: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset option in left side menu >> Properties
  • Please have a look at the warning on the page, as shown in the above figure. SSPR requires at least two authentication methods for users to reset their own password.
  • There are three options available to administrators for SSPR:
    • None – SSPR is disabled for all users
    • Selected –
      • SSPR is enabled for selected groups.
      • This option is useful for testing or for a pilot run.
Fig4: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Properties >> Enabling SSPR for selected group
    • All – SSPR is enabled for all users in the organization

Setting up authentication methods after enabling SSPR

  • As discussed in the last point, SSPR requires at least two authentication methods for users to reset their own password.
  • So let's discuss how to set up authentication methods.
  • On the “Password reset” properties page, we have the “Authentication methods” option, as shown below:
Fig5: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Properties >> Enabling SSPR for selected group >> Setting up Authentication methods
  • We are not going to discuss each authentication method in this article; we will discuss those in subsequent articles 🙂
  • Once SSPR is enabled, when we log in to the portal we get a popup asking for additional information, as shown below:
Fig6: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> Requiring more details while log in first time after enabling SSPR
  • Click on the “Next” button; we will be redirected to the password register page if we know the current password.
Fig7: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> confirmation of current password
  • Click on the “re-enter my password” button as shown in the above figure.
  • We will be redirected to the page shown in the below figure, where we can either enter the current password or reset the password with the help of “Forgot my password”.
Fig8: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> dialog for either entering current password or to option to reset password – “Forgot my password”
  • Here, I’ll go for the “Forgot my password” link to verify the “Self-Service password reset (SSPR)” option, as shown below:
Fig9: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> dialog for either entering current password or to option to reset password – “Forgot my password”
  • Notice the message “Get back into your account”; this means I am now able to reset my own password.
  • Enter the respective information on the page and click on the “Next” button as shown in the above figure.
Fig10: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> Reset Password – Authentication Method – Email Verification
  • Observe “Verification step 1” – Email. We have selected Email as authentication method 1. Please have a look at Fig5 (Setting up Authentication methods).
  • Once you click on the “Email” button, you will receive the verification code in your email inbox, as shown below:
Fig11: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> Reset Password – Authentication Method – Email Verification – Verification Code received
  • We will be redirected to the done page, as shown below:
Fig12: Azure AD – Azure AD Portal – “Active Directory Menu Blade” page – Password Reset >> Enabled SSPR >> Reset Password – Authentication Method – Email Verification -Done – Successfully able to reset the password
  • The user is successfully able to reset the password.
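
After enabling SSPR for a selected pilot group and choosing the authentication methods as above, it is worth checking which in-scope users have actually registered enough methods to complete a reset. The following is an added example, not part of the original article: it classifies rows shaped like the Microsoft Graph authentication methods `userRegistrationDetails` report. The sample rows are constructed, the set of accepted method names is an assumption to adjust for your tenant, and the default of two required methods follows the article's statement.

```python
import json

# Constructed sample rows (not real tenant data), shaped like the Microsoft
# Graph authentication methods userRegistrationDetails report.
SAMPLE_REPORT = json.loads("""[
  {"userPrincipalName": "alice@contoso.example", "isSsprEnabled": true,
   "methodsRegistered": ["email", "mobilePhone"]},
  {"userPrincipalName": "bob@contoso.example", "isSsprEnabled": true,
   "methodsRegistered": ["email", "fido2SecurityKey"]},
  {"userPrincipalName": "carol@contoso.example", "isSsprEnabled": true,
   "methodsRegistered": null},
  {"userPrincipalName": "dave@contoso.example", "isSsprEnabled": false,
   "methodsRegistered": ["mobilePhone"]}
]""")

# Assumption: method names the tenant's SSPR policy accepts. Adjust this set to
# match the "Authentication methods" blade and the names in your own export.
SSPR_METHODS = frozenset({"email", "mobilePhone", "officePhone", "securityQuestion"})


def sspr_readiness(records, required_methods=2, allowed=SSPR_METHODS):
    """Sort users into buckets by how many SSPR-usable methods they registered."""
    buckets = {"out_of_scope": [], "not_registered": [],
               "too_few_methods": [], "ready": []}
    for rec in records:
        upn = rec.get("userPrincipalName", "<unknown>")
        # Only methods the SSPR policy accepts count; null/missing means none.
        usable = set(rec.get("methodsRegistered") or []) & set(allowed)
        if not rec.get("isSsprEnabled", False):
            buckets["out_of_scope"].append(upn)      # not in the selected group
        elif not usable:
            buckets["not_registered"].append(upn)    # cannot self-reset at all
        elif len(usable) < required_methods:
            buckets["too_few_methods"].append(upn)   # cannot pass every step
        else:
            buckets["ready"].append(upn)
    return buckets


def pilot_coverage(buckets):
    """Fraction of in-scope users who can complete a self-service reset."""
    in_scope = sum(len(v) for k, v in buckets.items() if k != "out_of_scope")
    return len(buckets["ready"]) / in_scope if in_scope else 0.0


if __name__ == "__main__":
    report = sspr_readiness(SAMPLE_REPORT)
    for state, users in report.items():
        print(f"{state:16} {users}")
    print(f"pilot coverage: {pilot_coverage(report):.0%}")
```

Users in the `not_registered` and `too_few_methods` buckets would still need the help desk if they forget their password, so a low coverage figure is a reason to hold back from switching the setting from “Selected” to “All”.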

What Next?

  • How to configure notifications and customization when SSPR event happens
  • Audit Logging

We have one more article on SSPR – Azure Identity And Access Management Part 9 – Azure Active Directory – Self-Service Password Reset (SSPR)

We have detailed series on Azure Active Directory, please have a look – https://knowledge-junction.com/category/azure-active-directory/

Thanks for reading 🙂 If it's worth at least reading once, kindly like and share. SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

Comments

2 comments on “Cloud Security – Azure Active Directory authentication – self-service password reset – Part 2”
  1. Prasant Moharana says:

    Very nicely explained.. thanks for sharing

    1. Thanks 🙂
