Password reset for your Microsoft 365 test environment
Azure Active Directory (Azure AD) self-service password reset (SSPR) allows users to reset or unlock their passwords or accounts.
This article describes how you can configure and test password resets in your Microsoft 365 test environment in three phases:
- Create the Microsoft 365 Enterprise test environment.
- Enable password writeback.
- Configure and test password reset for the User 2 account.
Click here for a visual map to all the articles in the Microsoft 365 Enterprise Test Lab Guide stack.
Phase 1: Configure password hash synchronization for your Microsoft 365 test environment
First, follow the instructions in password hash synchronization. Here is your resulting configuration.
This configuration consists of:
- Office 365 E5 and EMS E5 trial or paid subscriptions.
- A simplified organization intranet connected to the Internet, consisting of the DC1, APP1, and CLIENT1 virtual machines on a subnet of an Azure virtual network.
- Azure AD Connect runs on APP1 to synchronize the TESTLAB Active Directory Domain Services (AD DS) domain to the Azure AD tenant of your Office 365 and EMS E5 subscriptions.
Phase 2: Enable password writeback
Follow the instructions in Phase 2 of the password writeback Test Lab Guide.
You must have password writeback enabled to use password reset.
Phase 3: Configure and test password reset
In this phase, you configure password reset in the Azure AD tenant through group membership, and then verify that it works.
First, enable password reset for the accounts in a specific Azure AD group.
- From a private instance of your browser, open https://portal.azure.com, and then sign in with the credentials of your global administrator account.
- In the Azure portal, click Azure Active Directory > Groups > New group.
- Set the Group type to Security, Group name to PWReset, and the Membership type to Assigned. Click Create.
- Click the PWReset group in the list, and then click Members.
- Click Add members, click User 2, and then click Select. Close the PWReset and Group pages.
- On the Azure Active Directory page, click Password reset.
- From the Properties page, under the option Self Service Password Reset Enabled, choose Selected.
- From Select group, select PWReset, and then click Save.
- Close the private browser instance.
Next, you test password reset for the User 2 account.
- Open a new private browser instance and browse to https://aka.ms/ssprsetup.
- Sign in with the User 2 account credentials.
- In Don’t lose access to your account, set the authentication phone to your mobile phone number and the authentication email to your work or personal email account.
- After both are verified, click Looks good and close the private instance of the browser.
- Open a new private browser instance and go to https://aka.ms/sspr.
- Sign in with the User 2 account credentials, type the characters from the CAPTCHA, and then click Next.
- For verification step 1, click Email my alternate email, and then click Email. When you receive the email, type the verification code, and then click Next.
- In Get back into your account, type a new password for the User 2 account, and then click Finish. Note the changed password of the User 2 account and store it in a safe location.
- In a separate tab of the same browser, go to https://portal.office.com, and then sign in with the User 2 account name and its new password. You should see the Microsoft Office Home page.
See the Simplify password resets step in the Identity phase for information and links to configure password resets in production.
Explore additional identity features and capabilities in your test environment.