![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 27%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDJ%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,570 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
You are correct. Users can change their passwords from the Office 365 portal, the My Apps portal, or the Windows 10 sign-in page. If you have password writeback enabled via Azure AD Connect, the password change will be synchronized back to the on-premises environment. The settings in Azure AD Connect cover that scenario and you won't need to enable SSPR.
SSPR is listed as a prerequisite for the "Azure Active Directory self-service password reset writeback", but that covers password resets and not just password changes. https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
I agree that the language is a bit confusing because it only refers to "Azure Active Directory self-service password reset writeback" and SSPR in the context of enabling password writeback. This is because it's good to also have SSPR enabled so that users don't get locked out.
Hope this helps!
-
If this answer was helpful to you, please remember to "mark as answer" and leave a 5-star survey so that others in the community can more easily find a solution.