What is a Self-Service password reset?

As organizations continue to adopt cloud services, security remains a top priority. Password management is a critical aspect of security, and it is becoming increasingly challenging for IT departments to manage password reset requests. Azure Active Directory (Azure AD) provides a solution to this problem with its self-service password reset feature.

Azure AD self-service password reset allows end-users to reset their passwords without the assistance of an IT administrator. This feature is designed to reduce the number of password reset requests that IT departments receive, freeing up their time to focus on other critical tasks. Self-service password reset provides an easy, secure, and automated way for users to reset their passwords.

How does it work?

When a user needs to reset their password, they can go to the Azure AD self-service password reset portal and verify their identity using one of the configured authentication methods. These authentication methods can include phone calls, SMS messages, email, or security questions. Once the user has verified their identity, they can reset their password, and the new password is immediately synced to all devices and applications associated with their account.

A user needs to navigate on another device to https://aka.ms/sspr which will redirect to https://passwordreset.microsoftonline.com.

Here the user needs to enter his E-Mail address and a captcha. Then the user needs to authenticate the request with defined recovery methods like for example an Code from the Microsoft Authenticator. After the authentication the user will be able to set a new password for his account.

What do you need to configure for it to work?

To use Azure AD self-service password reset, you will need an Azure AD subscription and the appropriate licenses. You will also need to configure the authentication methods that your users can use to reset their passwords. For example, you may choose to allow users to reset their passwords using their phone number or email address. You will also need to configure the self-service password reset policy, which includes settings such as password complexity and the number of failed attempts allowed before locking the account.

Start in the Azure portal (https://portal.azure.com) and switch to „Password reset“ in the Azure Active Directory blade:

The first step is to enable the service. You can choose if the service is disabled, enabled only for a group of users or enabled for alle users of your tenant. In this example we are going to enable it for all users of this tenant:

Next we need to define which and how many confirmations the user has to go through to authenticate that he is the user that he says. I am going with 2 needed verifications and select the default options as available to the user:

Now we should enable that users have to register for the service the next time they log in. Also you can define after how many days the user needs to re-confirm the defined methods to keep them up to date:

Lastly you can define if users and admins will be informed on password resets. If you enable this a user or if a admin resets his password all other admins will receive an e-mail with the info that the user restored his password. This can be helpfully to identify if a user account was stolen and a password was changed:

Why should you use it to reduce the amount of tickets for password resets?

Using Azure AD self-service password reset can significantly reduce the number of password reset requests that IT departments receive, resulting in cost savings and increased productivity. End-users can reset their passwords quickly and securely, without the need for IT assistance. IT departments can then focus on more critical tasks, such as ensuring the security of the organization’s data and systems.

Conclusion

In conclusion, Azure AD self-service password reset is an essential feature for organizations that are looking to streamline their password management processes while maintaining the highest levels of security. By implementing this feature, organizations can reduce the workload on IT departments, increase end-user productivity, and improve overall security.