Account/Authentication - Azure Active Directory - Ensure Self-Service Password Reset is Enabled
Summary
If self-service password reset is enabled, it will allow the users to easily reset their own passwords in Azure AD. So, whenever your users sign in to Microsoft 365, they will have to provide additional contact information to help reset their passwords in the future and if combined registration is enabled, extra information outside MFA will not be required. As of August 2020, combined registration is enabled by default.
Reason
After this, users will not have to depend on the helpdesk to reset their passwords and moreover, this mechanism will automatically block the common, easily guessable passwords. Combined registrations should be enabled (if not already by default), as it will save the users from the hassle of registering for password reset separately from MFA.
What If?
We all know that, this setting will require the users to provide additional contact information in order to get enrolled in the self-service password reset along with some minor user education who are habitual of calling a helpdesk for password reset assistance and since combined registration is enabled automatically for new tenants, the users are not required to register for password reset separately from MFA.
Note- This will not work with Azure AD Connect/Sync.
How to?
To enable self-service password reset, use the Microsoft 365 Admin Center:
- Under Admin centers select Azure Active Directory.
- Now, choose Users via left hand navigation.
- Select Password reset.
- Select All under Self service password reset enabled on the Properties page.
- Select Save.
Monitor:
To verify self-service password reset is enabled, use Microsoft 365 Admin Center:
- Under Admin centers select Azure Active Directory.
- Now, choose Users via left hand navigation.
- Select Password reset.
- Select All under Self service password reset enabled on the Properties page.
Comments
Post a Comment