Self-Service Password Reset – Understand Identity and Access Management Solutions

Self-Service Password Reset

Typically, one of the most common service desk tasks is assisting users who forget their passwords. The time spent on this type of low-value, high-touch task can be reclaimed by providing users a mechanism to update their own lost, forgotten, or compromised passwords.

Microsoft 365 includes two related SSPR features. The core SSPR feature allows users to reset their own Microsoft 365 or Entra ID passwords through the Microsoft 365 portal. To access the SSPR form, a user only needs to select the Can’t access your account? link on the Microsoft 365 sign-in page, as shown in Figure 8.3:

Figure 8.3 – Microsoft 365 sign-in page

As part of the Azure AD Premium Plan 1 and Plan 2 feature set, SSPR can also be integrated with Azure AD Connect’s password writeback feature. This allows for cloud-based password resets to be replicated back to the on-premises Active Directory environment. The result is that the identity is updated both in-cloud and on-premises with the same password. Cloud options for self-service password reset are configured in the Azure portal, as shown in Figure 8.4:

Figure 8.4 – SSPR features offered in the Azure portal

The on-premises password integration feature for SSPR is configured via the Azure AD Connect setup wizard.

SSPR requires registration before it can successfully be used by end users.
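
Because an unregistered user cannot reset their own password, it helps to know who is in scope of SSPR but has not registered yet. The following is an added example, not taken from the original text: it buckets users from records shaped like the Microsoft Graph `userRegistrationDetails` report, using that report's `isSsprEnabled`, `isSsprRegistered`, and `isAdmin` fields. The sample pages and all users in them are constructed for illustration.

```python
import json

# Constructed sample: two pages shaped like Microsoft Graph
# userRegistrationDetails output. All users and values are invented.
SAMPLE_PAGES = [
    json.dumps({"value": [
        {"userPrincipalName": "alice@contoso.example", "isAdmin": False,
         "isSsprEnabled": True, "isSsprRegistered": True},
        {"userPrincipalName": "bob@contoso.example", "isAdmin": False,
         "isSsprEnabled": True, "isSsprRegistered": False},
    ]}),
    json.dumps({"value": [
        {"userPrincipalName": "carol@contoso.example", "isAdmin": True,
         "isSsprEnabled": True, "isSsprRegistered": False},
        {"userPrincipalName": "dave@contoso.example", "isAdmin": False,
         "isSsprEnabled": False, "isSsprRegistered": False},
    ]}),
]


def classify(record):
    """Bucket one record by whether SSPR would work for that user today."""
    if not record.get("isSsprEnabled", False):
        return "not_enabled"    # outside the SSPR policy scope
    if not record.get("isSsprRegistered", False):
        return "unregistered"   # in scope, but has not registered yet
    return "ready"


def sspr_readiness(pages):
    """Merge report pages into per-bucket lists of UPNs, admins first."""
    buckets = {"ready": [], "unregistered": [], "not_enabled": []}
    for page in pages:
        for record in json.loads(page).get("value", []):
            upn = record.get("userPrincipalName")
            if upn:  # skip malformed rows without an identifier
                is_standard_user = not record.get("isAdmin", False)
                buckets[classify(record)].append((is_standard_user, upn))
    # Admin accounts sort first within each bucket, then alphabetically.
    return {name: [upn for _, upn in sorted(rows)]
            for name, rows in buckets.items()}


if __name__ == "__main__":
    for bucket, users in sspr_readiness(SAMPLE_PAGES).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

The `unregistered` bucket is the list to target with registration reminders before users need a reset.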

Access Reviews

Access reviews are an Azure AD Premium feature. They allow organizations to evaluate access to specific resources or group memberships on either an ad-hoc or scheduled basis. For example, you may want to use access reviews to periodically audit the membership of the Microsoft Teams Administrators group.

Access reviews can be delegated to specific administrators, business owners, or even end users who can self-attest their need to continue to maintain access to a resource. They also allow administrators to configure automation actions, such as removing users from privileged groups if it is determined that they no longer need that access.

After an access review is initiated, reviewers are notified via email about their next steps. Reviewers are directed to the Azure portal, where they can verify access grants and remove unnecessary identities.
