Azure Active Directory Self-Service Password ResetAdoption KitVersion: 3.0For the latest version, please check Active Directory Self-Service Password Reset- Adoption Kit . 1Awareness . 2Business overview . 2Pricing and licensing requirements . 2Key benefits . 3Announcements . 3Training and learning resources . 4Level 100 concepts . 4Training . 4Videos . 4Books . 5Online courses . 5Whitepaper . 6Planning and change management . 7Deployment Plan . 7Quickstarts. 7End-user readiness and communication . 7Combined registration with Multi-Factor Authentication . 7Customer stories/case studies . 8Support and feedback . 8

AwarenessThis section helps you to analyze the benefits of Azure Active Directory Self-Service Password Reset. You will learnabout the ease of use, pricing, and licensing model. You can also access up-to-date announcements and blogs thatdiscuss ongoing improvements.Business overviewSelf-Service Password Reset (SSPR) is an Azure Active Directory (Azure AD) feature that empowers the users to reset theirpasswords without the need to contact IT staff for help. The users can quickly unblock themselves and continue workingno matter where they are or time of day. By allowing the employees to unblock themselves, your organization can reducethe non-productive time and high support costs for most common password-related issues.SSPR has the following capabilities: Self-service allows end-users to reset their expired or non-expired passwords without contacting an administratoror helpdesk for support. Password writeback allows management of on-premises passwords and resolution of account lockout thoughthe cloud. Password management activity reports give administrators insights into password reset and registration activityoccurring in their organization.Pricing and licensing requirementsSSPR is licensed per user. To maintain compliance, organizations are required to assign the appropriate license to theirusers. There are different features that make up SSPR including: change, reset, unlock, and writeback. Refer to licensingrequirements for Azure AD SSPR for a comparative study to make the right licensing decision.For more information on pricing, refer to Azure AD pricing.

Key benefitsUsing SSPR give you the following benefits:Manage costSSPR reduces IT support costs by enabling users to reset passwords on their own. It the cost of time lost due to lost passwords and lockouts.Intuitive user experienceIt provides an intuitive one-time user registration process that allows users to resetpasswords and unblock accounts on-demand from any device or location. This allowsusers to get back to work faster and be more productive.Flexibility and securitySSPR enables enterprises to access the security and flexibility that a cloud platformprovides. Administrators can change settings to accommodate new securityrequirements and roll these changes out to users without disrupting their sign-in.Robust auditing and usage trackingYour organization can ensure that the business systems remain secure while its usersreset their own passwords. Robust audit logs include information of each step of thepassword reset process. These logs are available from an API and enable the user toimport the data into a Security Incident and Event Monitoring (SIEM) system of choice.AnnouncementsAzure AD receives improvements on an ongoing basis. To stay up-to-date with the most recent developments, refer toWhat's new in Azure AD?

Training and learning resourcesThe following resources would be a good start to learn about SSPR. They include level 100 concepts, videos by ourexperts, link to online courses, and useful whitepapers for reference.Level 100 conceptsMicrosoft understands that some organizations have unique environment requirements or complexities. If yours is one ofthese organizations, use these recommendations as a starting point. However, most organizations can implement theserecommendations as suggested. Find what is the identity secure score in Azure AD? Know the five steps to securing your identity infrastructure Understand identity and device access configurationsRefer to the following links to get started with SSPR: Understand how Azure AD SSPR works Know about the authentication methods Learn to customize the Azure AD functionality for SSPR Understand password writebackLearn about password policies and account restrictions in Azure AD Learn to register for SSPRLearn to reset your work or school passwordUnderstand combined security information registration so that users can register once and get the benefits ofboth Microsoft Azure Multi-Factor Authentication and SSPRFollow Password management frequently asked questions For more information, deep-dive into Authentication documentation.TrainingVideosVideoHow to get started with identity securityDescriptionLearn about identity security, why is it important, and what you can doto get it more secureHow to improve your identity securityGet a walk-through about the identity secure score in the Azure ADposture with Secure Scoreportal.What is self-service password reset?Get the SSPR overviewDeploying self-service password resetLearn to configure and deploy SSPR in the Azure AD portal.How to roll out self-service password resetGet a walkthrough of the SSPR implementation process from pilot toroll out.

Identity Architecture: Self-Service PasswordLearn about SSPR and the benefits for IT staff and employees.ResetHow to register your security information inLearn how to register security information through Azure AD forAzure Active Directorysecurity features like Multi-Factor Authentication and SSPR. End userswill also learn how to view and manage their security methods in AzureAD.BooksSource: Microsoft Press - Modern Authentication with Azure Active Directory for Web Applications (Developer Reference)1st Edition.Learn the essentials of authentication protocols and get started with Azure AD. Refer to examples of applications that useAzure AD for their authentication and authorization, including how they work in hybrid scenarios with Active DirectoryFederation Services (ADFS).Online coursesRefer to the following courses on SSPR at Identities in Microsoft AzureLearn the basics of Azure AD environment, including users, groups,Active Directorydevices, and applications. You will also examine how to leverage SSPRto give your users a modern, protected experience.Refer to Managing Azure Active Directory Users and Groupsmodule.The Issues of Identity and AccessLearn how to look at IAM in the proper perspective, as well as securityManagementissues to be aware of in your organization.Refer to Other Authentication Methods module.Getting Started with the Microsoft EnterpriseThis course provides you with best practices that you need to know forMobility Suiteextending on-premises assets to the cloud that allows forauthentication, authorization, encryption, and a secured mobileexperience.Refer to Configuring Advanced Features of Microsoft Azure ActiveDirectory Premium module.

WhitepaperWhitepaperDescriptionHow hybrid identity allows digitalLearn more about hybrid identity framework that recommendstransformationdeploying Azure AD SSPR.Azure Active Directory Data SecurityThis whitepaper outlines data security considerations.ConsiderationsZero Trust Deployment Guide for MicrosoftThis guidance is to assist you if you are engaging in Microsoft’s ZeroAzure Active DirectoryTrust security strategy.

Planning and change managementIn this section, you deep-dive into planning and deploying SSPR in your organization. You can leverage quickstartson SSPR scenarios and end-user readiness material. You can also visit recommendations on how to register SSPR inyour environment.Deployment PlanRefer to SSPR deployment plan - a comprehensive guide to plan and implement SSPR in your organization. It includes thefollowing sections:SectionsDescriptionPrerequisitesGet prepared for the deploymentSolution architectureUnderstand the password reset solution architecture and workflow forhybrid environmentsBest practicesTo register SSPR successfully in your organizationPlan the deployment projectDetermine the strategy for this deployment in your environmentPlan configurationSettings required to enable SSPR along with recommended valuesPlan testing, support and rollbackPrepare for test results, FAQs for support staff, and rollbackconsiderationsDeploy SSPRAt each stage of your deployment from initial pilot groups throughorganization-wide, ensure that results are as expected.Manage SSPRFollow audits and view reportsTroubleshootCollect information to ease troubleshooting and follow the instructionsQuickstartsFollow the step-by-step guidance to: Enable self-service password reset Enable password writeback to an on-premises environment Enable password reset from the Windows login screenEnd-user readiness and communicationYou can distribute the readiness material to your users during Azure AD SSPR rollout, educate them about the feature, andremind them to register. Download Self-service password reset rollout materials and customize them with yourorganization's branding.Combined registration with Multi-Factor AuthenticationWe recommend that you enable the enable combined security information registration in Azure AD for SSPR and MultiFactor Authentication.Before enabling the new experience, review the article combined security information registration to ensure youunderstand the functionality and effects of this feature. In case of issues, refer to Troubleshooting combined securityinformation registration.

Customer stories/case studiesDiscover how most organizations use SSPR to set policies that extend rich admin capabilities to all the users intheir directory.The following featured stories demonstrate these needs:Aramex delivery limited: Global logistics and transportation company createscloud – connected office with identity and access management solution.Aramex needed an identity and access management solution that would provide abetter experience, tighten security, and make their identity and access processesmore efficient. Azure AD was able to achieve all three of these goals with its SSO,Multi-Factor Authentication, and SSPR capabilities.HCL Technologies uses Enterprise Mobility Security to deliver highly secure digitalworkplaceHCL wanted to enhance an already mobile and agile corporate culture by boostingemployees’ productivity, so it chose Microsoft 365. Today, HCL employees have asimpler way to reset their passwords through self-service password management. HCLdeployed a solution where employees can unlock and reset their passwords throughinteractive voice response, thereby reducing help-desk calls by approximately 15percent.Construction giant gains competitive edge with zero-trust approach to security.When the Walsh Group moved to the cloud, it realized it needed better ways tomanage who accesses its systems. The company set up identity as the control plane—with Microsoft Azure Active Directory at the center and a zero-trust security stance tobetter protect access to all its resources.Working with Microsoft on the self-service password reset project revealed severalareas where it could improve security across its hybrid infrastructure and plug the gapsto make sure that the expected user is the one using the identity.To learn more about customer and partner experiences on SSPR, visit: See the amazing things people are doing withAzure.Support and feedbackHow can we improve SSPR? This section provides links to discussion forums and technical community supportemail IDs.We encourage you to join our Technical Community, a platform to Microsoft Azure AD users and Microsoft to interact. It isa central destination for education and thought leadership on best practices, product news, live events, and roadmap.If you have technical questions or need help with Azure, please try StackOverflow or visit the MSDN Azure AD forums.Tell us what you think of Azure and what you want to see in the future. If you have suggestions, please submit an idea orvote up an idea at our User Voice Channel -

Active Directory Learn the basics of Azure AD environment, including users, groups, devices, and applications. You will also examine how to leverage SSPR to give your users a modern, protected experience. Refer to Managing Azure Active Directory Users and Gr