You’ve decided to implement self-service password reset (SSPR) in Microsoft Entra ID for your organization. You want to start using SSPR for a group of 20 users in the marketing department as a trial deployment. If everything works well, you’ll enable SSPR for your whole organization.
In this unit, you’ll learn how to enable SSPR in Microsoft Entra ID.
Prerequisites
Before you start to configure SSPR, you need a:
- Microsoft Entra organization: This organization must have at least a P1 or P2 trial license enabled.
- Microsoft Entra account with Authentication Policy Administrator role: You’ll use this account to set up SSPR.
- Non-administrative user account: You’ll use this account to test SSPR. It’s important that this account isn’t an administrator, because Microsoft Entra imposes extra requirements on administrative accounts for SSPR. This user, and all user accounts, must have a valid license to use SSPR.
- Security group with which to test the configuration: The non-administrative user account must be a member of this group. You’ll use this security group to limit who you roll SSPR out to.
Scope of SSPR rollout
There are three settings for the Self-service password reset enabled property:
- None: No users in the Microsoft Entra organization can use SSPR. This value is the default.
- Selected: Only the members of the specified security group can use SSPR. You can use this option to enable SSPR for a targeted group of users who can test it and verify that it works as expected. When you’re ready to roll it out broadly, set the property to Enabled so that all users have access to SSPR.
- All: All users in the Microsoft Entra organization can use SSPR.
Leave a Reply