Azure Active Directory Self-Service Password Reset

Jun 28, 2024

Lecture on Azure Active Directory Self-Service Password Reset

Introduction

  • Speaker: Sagar Gohil, Azure Identity chat team engineer
  • Topic: Enabling and configuring Azure Active Directory self-service password reset
  • Purpose: To allow users to reset their passwords if lost or forgotten

Key Features and Requirements

  • Availability:
    • Azure AD Free Tier: Cloud-only users
    • Azure AD Premium P1 or P2: Synchronized accounts & password write-back
  • License: Per-user license model

Steps to Enable Self-Service Password Reset (Admin Side)

  1. Log in to the Azure portal
  2. Navigate to Azure Active Directory
  3. Select Password Reset
  4. Under Properties:
    • Select individual groups or all users
    • Click on Save
  5. Go to Authentication Methods:
    • Choose the number of methods (1 or 2)
    • Methods: Email and Mobile Phone
    • Click on Save
  6. Notifications:
    • Configure notifications for users/admins when the password is reset
    • Select Yes for admins
    • Click on Save
  7. Password Writeback:
    • Control the feature deployment via Azure AD Connect
    • Enable/Disable this feature
    • Note: Setting this to No prevents federated/synced users from resetting passwords

End-User Experience

  • First Logon:
    • Prompted to complete registration for self-service password reset
    • Information request based on admin’s setup (Phone or Email)

Registration Steps

  1. Log in to the Azure portal
  2. Prompt: "Organization requires more information"
  3. Click Next
  4. Provide Email or Phone Number
  5. Enter verification code received
  6. Click Verify
  7. Click Finish
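
The admin settings and registration steps above can be checked after rollout by auditing who is enabled for self-service reset but has not registered, or holds fewer of the allowed methods (Email, Mobile Phone) than the required number. This is an added example, not part of the lecture; the record shape is an assumption modelled on the Microsoft Graph userRegistrationDetails report, and the sample rows and the `audit_sspr` helper are constructed for illustration.

```python
# Added example: audit SSPR registration state against the admin policy.
# Field names are an assumption modelled on Microsoft Graph's
# userRegistrationDetails report; all sample rows below are constructed.

ALLOWED_METHODS = {"email", "mobilePhone"}  # methods chosen under Authentication Methods
REQUIRED_METHODS = 2                        # "number of methods (1 or 2)"

SAMPLE_REPORT = [  # constructed sample data, not real accounts
    {"userPrincipalName": "alice@example.com", "isSsprEnabled": True,
     "isSsprRegistered": True, "methodsRegistered": ["email", "mobilePhone"]},
    {"userPrincipalName": "bob@example.com", "isSsprEnabled": True,
     "isSsprRegistered": False, "methodsRegistered": []},
    {"userPrincipalName": "carol@example.com", "isSsprEnabled": True,
     "isSsprRegistered": True, "methodsRegistered": ["email"]},
    {"userPrincipalName": "dave@example.com", "isSsprEnabled": False,
     "isSsprRegistered": False, "methodsRegistered": []},
]


def audit_sspr(records, required=REQUIRED_METHODS, allowed=ALLOWED_METHODS):
    """Return (user, finding) pairs for users who cannot satisfy the policy."""
    findings = []
    for rec in records:
        upn = rec["userPrincipalName"]
        if not rec.get("isSsprEnabled"):
            # Not in the group selected under Properties: out of scope.
            continue
        if not rec.get("isSsprRegistered"):
            # Enabled but never completed the first-logon registration prompt.
            findings.append((upn, "enabled but not registered"))
            continue
        # Count only methods the admin allowed for password reset.
        usable = allowed.intersection(rec.get("methodsRegistered") or [])
        if len(usable) < required:
            findings.append(
                (upn, f"{len(usable)} of {required} required methods registered"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_sspr(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Running it with `required=2` before raising the setting from 1 to 2 shows which users would no longer be able to complete a reset on their own.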

Reset Password Process

  1. Attempt to log in to the Azure portal
  2. Click on Can’t access your account
  3. Choose account type (Work/School or Personal)
  4. Enter User ID and captcha
  5. Click Next
  6. Choose verification method (Email)
  7. Enter verification code received via email
  8. Click Next
  9. Enter the new password
  10. Click Finish

Result

  • Password reset is completed without admin intervention