Exercise - Perform basic Self-Service Password Rest (SSPR) tasks

In this exercise you will learn where the self-service password reset feature is located in Microsoft Entra and explore the process to configure it.

This exercise should take approximately 15 minutes to complete.

Task 1 - View the SSPR properties for a specific group

Open the Microsoft Entra admin center at https://entra.microsoft.com.
Log in using the credentials for your tenant.
From the menu on the left, open Protection submenu and then select Password reset.

Find the Self service password enabled bar.

Value	What it means
None	No users can use the SSPR feature
Selected	Only members of the selected group(s) can use SSPR
All	All users can use the SSPR feature

Select Authentication methods from the menu within Password reset.
Select 1 as the value for Number of methods required to reset.

Note - this value represents how many different ways the user is required to sign-in to the password reset tool, before they are allowed to reset their password. Note that using a password is not an option.
Select Email, Mobile phone, and Mobile app code for Methods available to user.

Note - if you use Security Questions you have to specific the number of questions the user is required to create and answer.
Use the button at the top to Save your choices.
You have added an Authentication method to your self-service password reset.

Select Registration from the menu within Password reset.
Make sure the Require users to register when signing in? value is set to Yes.
Set the Number of days before users are asked to re-confirm… to 90 days.
Select Save to save your changes.

Select Notifications from the menu withing Password reset.
Leave the Notify users on password reset? at the default of Yes.
Change the Notify all admins when other admins reset their password? value to Yes.
Use the Save option to save your changes.