Self Service Password flow Explained | Azure Active Directory Authentication Types secure
Self Service Password flow Explained
Azure Active Directory Authentication Types Secure
Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If a user's account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.
How does the password reset process work?
A user can reset or change their password using the SSPR portal. They must first have registered their desired authentication methods. When a user accesses the SSPR portal, the Azure platform considers the following factors:
How should the page be localized?
Is the user account valid?
What organization does the user belong to?
Where is the user's password managed?
Is the user licensed to use the feature?
When a user selects the Can't access your account link from an application or page, or goes directly to https://aka.ms/sspr, the language used in the SSPR portal is based on the following options:
By default, the browser locale is used to display the SSPR in the appropriate language. The password reset experience is localized into the same languages that Microsoft 365 supports.
If you want to link to the SSPR in a specific localized language, append ?mkt= to the end of the password reset URL along with the required locale.
For example, to specify the Spanish es-us locale, use ?mkt=es-us - https://passwordreset.microsoftonline.com/?mkt=es-us.
After the SSPR portal is displayed in the required language, the user is prompted to enter a user ID and pass a captcha. Azure AD now verifies that the user is able to use SSPR by doing the following checks:
Checks that the user has SSPR enabled and is assigned an Azure AD license.
If the user isn't enabled for SSPR or doesn't have a license assigned, the user is asked to contact their administrator to reset their password.
Checks that the user has the right authentication methods defined on their account in accordance with administrator policy.
If the policy requires only one method, check that the user has the appropriate data defined for at least one of the authentication methods enabled by the administrator policy.
If the authentication methods aren't configured, the user is advised to contact their administrator to reset their password.
If the policy requires two methods, check that the user has the appropriate data defined for at least two of the authentication methods enabled by the administrator policy.
If the authentication methods aren't configured, the user is advised to contact their administrator to reset their password.
If an Azure administrator role is assigned to the user, then the strong two-gate password policy is enforced. For more information, see Administrator reset policy differences.
Checks to see if the user's password is managed on-premises, such as if the Azure AD tenant is using federated, pass-through authentication, or password hash synchronization:
If SSPR writeback is configured and the user's password is managed on-premises, the user is allowed to proceed to authenticate and reset their password.
If SSPR writeback isn't deployed and the user's password is managed on-premises, the user is asked to contact their administrator to reset their password.
If all of the previous checks are successfully completed, the user is guided through the process to reset or change their password.
Require users to register when they sign in
You can enable the option to require a user to complete the SSPR registration if they sign in to any applications using Azure AD. This workflow includes the following applications:
Microsoft 365
Azure portal
Access Panel
Federated applications
Custom applications using Azure AD
Видео Self Service Password flow Explained | Azure Active Directory Authentication Types secure канала Paddy Maddy
Azure Active Directory Authentication Types Secure
Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If a user's account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.
How does the password reset process work?
A user can reset or change their password using the SSPR portal. They must first have registered their desired authentication methods. When a user accesses the SSPR portal, the Azure platform considers the following factors:
How should the page be localized?
Is the user account valid?
What organization does the user belong to?
Where is the user's password managed?
Is the user licensed to use the feature?
When a user selects the Can't access your account link from an application or page, or goes directly to https://aka.ms/sspr, the language used in the SSPR portal is based on the following options:
By default, the browser locale is used to display the SSPR in the appropriate language. The password reset experience is localized into the same languages that Microsoft 365 supports.
If you want to link to the SSPR in a specific localized language, append ?mkt= to the end of the password reset URL along with the required locale.
For example, to specify the Spanish es-us locale, use ?mkt=es-us - https://passwordreset.microsoftonline.com/?mkt=es-us.
After the SSPR portal is displayed in the required language, the user is prompted to enter a user ID and pass a captcha. Azure AD now verifies that the user is able to use SSPR by doing the following checks:
Checks that the user has SSPR enabled and is assigned an Azure AD license.
If the user isn't enabled for SSPR or doesn't have a license assigned, the user is asked to contact their administrator to reset their password.
Checks that the user has the right authentication methods defined on their account in accordance with administrator policy.
If the policy requires only one method, check that the user has the appropriate data defined for at least one of the authentication methods enabled by the administrator policy.
If the authentication methods aren't configured, the user is advised to contact their administrator to reset their password.
If the policy requires two methods, check that the user has the appropriate data defined for at least two of the authentication methods enabled by the administrator policy.
If the authentication methods aren't configured, the user is advised to contact their administrator to reset their password.
If an Azure administrator role is assigned to the user, then the strong two-gate password policy is enforced. For more information, see Administrator reset policy differences.
Checks to see if the user's password is managed on-premises, such as if the Azure AD tenant is using federated, pass-through authentication, or password hash synchronization:
If SSPR writeback is configured and the user's password is managed on-premises, the user is allowed to proceed to authenticate and reset their password.
If SSPR writeback isn't deployed and the user's password is managed on-premises, the user is asked to contact their administrator to reset their password.
If all of the previous checks are successfully completed, the user is guided through the process to reset or change their password.
Require users to register when they sign in
You can enable the option to require a user to complete the SSPR registration if they sign in to any applications using Azure AD. This workflow includes the following applications:
Microsoft 365
Azure portal
Access Panel
Federated applications
Custom applications using Azure AD
Видео Self Service Password flow Explained | Azure Active Directory Authentication Types secure канала Paddy Maddy
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
How does Intune enhance device security
Cloud Deployment Models Comparison Chart
Dynamic Azure AD Group for All Windows Virtual Machines
Learn what are the Azure Cloud Consumption Based Model and Pricing
Intune Training Course #2 | What is Microsoft Endpoint Manager | Getting started with MEM | MECM
Configure SCCM in less than 5 minutes learn
what is OneDrive Integration in Windows 11 #Windows11 #Windows11Features #paddyMaddy
What is High Availability in Microsoft Azure Cloud
learn azure core architectural components
Intune Microsoft Endpoint Manager Introduction | Intune Training Course Online
PaddyMaddy Channel Membership - $1 Dollar a Month!
What is the Servicing timeline for WINDOWS 11 Feature update #Shorts
PowerShell Variables explained with demo | How To Work PowerShell with Variables Explained
Enhanced Storage Replica Log in Windows Server 2025 #WindowsServer2025 #StorageReplica
Data Residency and Compliance Sovereignty Azure Cloud With Azure Policy DEMO
Windows Server 2025 New Feature Sid Lookups #paddymaddy #windowsserver2025 #windowsserver
Get a PHYSICAL SERVER with Microsoft azure dedicated hosts
Azure types of Database Services options available | Migration Service | Synapse Analytics | Cosmos![How do objects work in PowerShell [ ] ?](https://i.ytimg.com/vi/7E5YhfFtNPk/default.jpg)
How do objects work in PowerShell [ ] ?
PowerShell Core vs PowerShell | is PowerShell Core dead