Self Service Password Reset(SSPR)

1.2 Enable SSPR:

Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If Azure AD locks a user’s account or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can’t sign into their device or an application.

One of the most common calls to the service desk is from users who have forgotten their passwords. Although later in this chapter going passwordless will be covered, we still have a very long way to go before we can get rid of all passwords. To reduce the number of calls due to forgotten passwords, you should implement Self-Service Password Reset (SSPR), which is part of Azure AD. Self-Service Password Reset will empower users to quickly unblock themselves without intervention of the service desk or an administrator.

Configuring Self-Service Password Reset

To use Self-Service Password Reset, the feature needs to be enabled first. In a cloud-only environment, the SSRP service is enabled from the Azure Active Directory admin center. In the Portal, go to Azure Active Directory and then Password Reset. From there, either enable it for all users or for a selected group of users as show in the figure below. The Self-Service Password Reset feature only applies to regular user accounts. By default, the feature is already enabled for all administrator accounts. For an administrator to be able to reset their own password, at least two authentication methods are required.