Quickstart: Configure Azure Active Directory self-service password reset

In this quickstart, you configure Azure Active Directory (AD) self-service password reset (SSPR) to enable users to reset their passwords or unlock their accounts. With SSPR, users can reset their own credentials without helpdesk or administrator assistance. This ability lets users regain access to their account without waiting for additional support.

Important

This quickstart shows an administrator how to enable self-service password reset. If you're an end user already registered for self-service password reset and need to get back into your account, go to https://aka.ms/sspr.

If your IT team hasn't enabled the ability to reset your own password, reach out to your helpdesk for additional assistance.

Prerequisites

Enable self-service password reset

View this process as a video on YouTube

  1. In the Azure portal menu or from the Home page, select Azure Active Directory and then choose Password reset.

  2. On the Properties page under the option for Self Service Password Reset Enabled, choose Selected.

  3. Choose Select group, then select your pilot group created as part of the prerequisites section of this article, such as SSPR-Test-Group. When ready, select Save.

  4. On the Authentication methods page, make the following choices and then choose Save:

    • Number of methods required to reset: 1
    • Methods available to users:
      • Mobile app code
      • Email

    Choosing authentication methods for SSPR

  5. From the Registration page, make the following choices and then choose Save:

    • Require users to register when they sign in: Yes
    • Set the number of days before users are asked to reconfirm their authentication information: 365

Test self-service password reset

Now lets test your SSPR configuration with a test user that's part of the group you selected in the previous section, such as testuser. Since Microsoft enforces strong authentication requirements for Azure administrator accounts, testing using an administrator account may change the outcome. For more information regarding the administrator password policy, see our password policy article.

  1. Open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/ssprsetup.
  2. Sign in with a non-administrator test user, such as testuser, and register your authentication phone.
  3. Once complete, select the button marked Looks good and close the browser window.
  4. Open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/sspr.
  5. Enter your non-administrator test users' User ID, such as testuser, the characters from the CAPTCHA, and then select Next.
  6. Follow the verification steps to reset your password.

Clean up resources

To disable self-service password reset, search for and select Azure Active Directory in the Azure portal. Select Password Reset, and then choose None under Self Service Password Reset Enabled. When ready, select Save.

Next steps

In this quickstart, you learned how to configure self-service password reset for your cloud-only users. To find out how to complete a more detailed roll out, continue to our roll out guide.