Lab 09 - Configure and deploy self-service password reset
Lab scenario
The company has decided to empower the employees and enable self-service password reset. You must configure this setting in your organization.
Estimated time: 15 minutes
Exercise 1 - Create a group with SSPR enabled and add users to it
Task 1 - Create a group to assign SSPR to
You want to roll out SSPR to a limited set of users first to make sure your SSPR configuration works as expected. Let’s create a security group for the limited rollout and add a user to the group.
- On the Microsoft Entra admin center, open the Identity navigation menu on the left.
- Under Groups, select All groups and select New Group on the right side window.
- Create a new group using the following information:

| Setting | Value |
|---|---|
| Group type | Security |
| Group name | SSPRTesters |
| Group description | Testers of SSPR rollout |
| Membership type | Assigned |
| Members | Alex Wilber, Allan Deyoung, Bianca Pisani |

- Select Create.
Task 2 - Enable SSPR for your test group
Enable SSPR for the group.
- Browse back to the Identity navigation menu.
- Under Protection, select Password reset.
- On the Password reset Properties page, under Self service password reset enabled, select Selected.
- Select Select group and choose SSPRSecurityGroupUser.
- In the Default password reset policy pane, select the SSPRTesters group.
- On the Password reset Properties page, select Save.
- On the Password reset screen, under Manage, select and review the default values for each of the Authentication methods, Registration, Notifications, and Customization settings.
Note - It is important to have phone selected as one of the authentication methods for the rest of this lab, but you can have other options as well.
Task 3 - Register for SSPR with Alex
Now that the SSPR configuration is complete, register a mobile phone number for the user you created.
- Open a different browser or open an InPrivate or Incognito browser session and then browse to https://aka.ms/ssprsetup.
  This is to ensure you will be prompted for user authentication.
- Sign in as AlexW@<<organization-domain-name>>.onmicrosoft.com with the admin password of the tenant (refer to the Lab Resources tab to retrieve the admin password).
  Note - Replace the organization-domain-name with your domain name.
- If prompted to update your password, enter a new password of your choice. Be sure to record the new password.
- In the More information required dialog box, select Next.
- On the Keep your account secure page, use the Phone option.
  Note - In this lab, you will use the Phone option. Enter your mobile phone details.
  - Enter your personal cell phone number into the phone number field.
  - Select Text me a code.
- Select Next.
- When you receive the code on your mobile phone, enter the code in the text box and then select Next.
- After your phone has been registered, select Next and then select Done.
- Close the browser. You do not need to complete the sign in process.
Task 4 - Test SSPR
Now let’s test whether the user can reset their password.
- Open a different browser or open an InPrivate or Incognito browser session and then browse to https://portal.azure.com.
  This is to ensure you will be prompted for user authentication.
- Enter AlexW@<<organization-domain-name>>.onmicrosoft.com and then select Next.
  Note - Replace the organization-domain-name with your domain name.
- On the Enter password page, select Forgot my password.
- On the Get back into your account page, complete the requested information and then select Next.
- In the verification step 1 task, select Text my mobile phone, enter your phone number and then select Text.
- Enter your verification code and then select Next.
- In the choose a new password step, enter and then confirm your new password. Recommended password = Pass@w.rd1234.
- When complete, select Finish.
- Sign in as AlexW with the new password you created.
- Enter your verification code and then verify you can complete the sign in process.
- When finished, close your browser.
Task 5 - What happens if you try a user not in SSPRTesters group?
- As a test, open a new InPrivate browser window, try to log into the Azure Portal as GradyA, and select the Forgot my password option.
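
One way to confirm the limited rollout from the command line once the tasks are done, as an added example that is not part of the original lab: it uses the Microsoft Graph PowerShell SDK (assumed installed) to report, for AlexW and GradyA, whether each is a member of SSPRTesters and what the authentication methods registration report records for SSPR. The GradyA UPN format and the requested scopes are assumptions.

```powershell
# Added example, not part of the lab. Assumes the Microsoft Graph PowerShell SDK
# is installed and the signed-in admin can consent to the scopes below.
# Replace the placeholder with your tenant domain, as in the lab steps.
$domain = '<<organization-domain-name>>.onmicrosoft.com'

# AlexW is in the pilot group; GradyA (UPN format assumed) is the out-of-scope user from Task 5.
$upns = "AlexW@$domain", "GradyA@$domain"

Connect-MgGraph -Scopes 'Group.Read.All', 'User.Read.All', 'AuditLog.Read.All'

# Resolve the pilot group created in Task 1 and fail loudly on a missing or ambiguous name.
$group = Get-MgGroup -Filter "displayName eq 'SSPRTesters'"
if (-not $group) { throw 'SSPRTesters group not found' }
if (@($group).Count -gt 1) { throw 'More than one group is named SSPRTesters' }

# Object IDs of the direct members of the pilot group.
$memberIds = (Get-MgGroupMember -GroupId $group.Id -All).Id

foreach ($upn in $upns) {
    $user = Get-MgUser -UserId $upn

    # Per-user row from the authentication methods registration report.
    $reg = Get-MgReportAuthenticationMethodUserRegistrationDetail `
        -Filter "userPrincipalName eq '$upn'"

    [pscustomobject]@{
        User              = $upn
        InSSPRTesters     = $memberIds -contains $user.Id
        IsSsprEnabled     = $reg.IsSsprEnabled      # SSPR policy applies to this user
        IsSsprRegistered  = $reg.IsSsprRegistered   # user has registered enough methods
        MethodsRegistered = $reg.MethodsRegistered -join ', '
    }
}
```

The registration report can take some time to reflect a new registration, so re-run the check if Alex's phone method does not appear right away.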