Unit 5: Exercise – Configure and Deploy Self-Service Password Reset (SSPR)

What is SSPR

Microsoft Entra self-service password reset (SSPR) allows users to change or reset their own passwords without help desk or admin involvement.

Benefits:

• Users can quickly reset passwords, reducing downtime.
• IT and admins save time and can focus on higher-level tasks.

Licensing Requirements

• Cloud-based accounts.
• User enrolled in SSPR.
• Requires Microsoft Entra ID Premium P1 or P2, or Microsoft 365 Business Standard.
• On-premises accounts (writeback).
• User enrolled in SSPR.
• Requires Microsoft Entra ID Premium P1 or P2, or Microsoft 365 Business Premium.

Enable SSPR for a Group

• Sign in to Azure portal as Global Administrator.
• Go to Microsoft Entra ID > Password reset.
• On Properties, set SSPR enabled for Selected users or groups.
• Select a group (for example SSPR-Test-Group).
• Save.

Then review and configure:

• Authentication methods.
• Registration.
• Notifications.
• Customization.

Example: Creating a User and Group for SSPR Testing

Create user (Monica Thompson):

• Go to Users > New user.
• User name: MonicaT.
• Name: Monica Thompson.
• Copy and store the initial password.

Create SSPRTesters group:

• Go to Groups > New group.
• Group type: Security.
• Group name: SSPRTesters.
• Description: Testers of SSPR rollout.
• Membership type: Assigned.
• Add Monica Thompson as member.
• Create.

Enable SSPR for SSPRTesters:

• Go back to Password reset > Properties.
• Enable SSPR for Selected group.
• Choose SSPRTesters.
• Save.

Register for SSPR – User Flow

• Open a different browser or InPrivate/Incognito.
• Go to https://aka.ms/ssprsetup.
• Sign in as MonicaT@yourtenant.onmicrosoft.com.
• Change the password when prompted and record it.
• Complete the More information required wizard.
• Choose sign-in method setup, for example Phone.
• Enter phone number, choose Text me a code.
• Enter the received code and select Done.

The account is now registered for SSPR.

Test SSPR

• In a private browser, go to https://aka.ms/sspr.
• Enter Monica’s UPN.
• Select Forgot my password.
• Complete the captcha and select Next.
• Choose verification method (Text my mobile phone or Call my mobile phone).
• Enter verification code.
• Choose a new password and confirm.
• Sign in with Monica’s account and the new password.