Transcript for:
Azure Active Directory Self-Service Password Reset

>> [MUSIC] >> Hi, everyone. My name is Sagar Gohil and I'm an engineer with Azure Identity chat team. Today I'm going to show you how IT admins can enable and configure Azure Active Directory self-service password reset and what the self-service password reset process looks like for an end user. This feature will allow users to reset their password if they have lost or forgotten their password and are unable to get into the account. Self-service password reset can be used with Azure Active Directory free tier for cloud only users. However, for synchronized account and password writeback, we require Azure Active Directory Premium P1 or a P2 license. Remember, this is a per user license model so you will need to assign a valid license to each user that needs to perform a self-service password reset.

So, without any further delay, let's start by learning how IT admin can enable self-service password reset for the users. I've logged into Azure Portal. Let's navigate to Azure Active Directory. Look at the option password reset. Under the properties tab, we can either select individual groups or we can enable self-service password reset feature for all the users. Once we have made the selection, click on save.

Now let us navigate to authentication methods. Here admins have option to choose number of authentication methods required for end users while resetting the password. We can choose one or two methods as required. The methods selected here will be available to end users while performing self-service password reset. I'm going to choose email along with mobile phone. Click on save.

Another important feature we have in the portal is notifications. Here we can configure if you'd like to notify the users or the admins if the password for the user accounts were reset. I click on yes for the admins. And click on save.

Last but not the least, we have an option to control password writeback feature. If you have deployed password writeback while installing Azure AD Connect, we can control whether or not this feature can be enabled. If this is set to no, the federated or the synchronized user will not be able to reset or change their password, even if the password writeback feature is configured in Azure AD Connect. We can change these settings anytime.

Once we have completed the setup from the admin end, let's look at it from the end user side as to how it works. On the first logon after self-service password reset is enabled for the user, the user will be prompted to complete self-service password reset registration requesting for the information based on the method selected by the admin while setting up the self-service password reset. I'm going to log in as a user now in the Azure portal. So, here we can see the organization requires more information to keep the account secure. We click on next. On the next screen, I am prompted either to enter a phone number or an email address. These options correspond to the option selected in the portal when the tenant admin enables self-service password reset. I must enter one of them to receive the notification code and log in to my account. I will choose email. Once you have received the code, we can update it here. And click on verify. Once you have updated the detail, click on finish. Okay. So, now we have successfully completed the self-service password reset registration for the user.

Now let us check what is the process for the user to reset the password. For example, let us try to log in to Azure portal and click on "Can't access your account". The user will be redirected to a screen prompting them to choose the type of account. The user will choose work or school account if the account was created by their IT department for use at work or school, or personal account if it is an account they have created for personal use.

Once the user clicks on the account type, they will be routed to the "Who are you" page, wherein the user must enter the user ID and captcha. Once the user has updated all the details, the user needs to click on next. As I've updated only email while registering for self-service password reset, I will be prompted to receive the verification code over email. Please click on email. I have received a verification code over email. Let me go ahead and update here real quick and click on next. I will be prompted to enter the new password. Once I've entered the new password, I'll click on finish. Voila! I have successfully reset my password without any admin intervention. >> [MUSIC]