Exercise - Set up self-service password reset
In this unit, you'll configure and test self-service password reset (SSPR) by using your mobile phone. You'll need to use your mobile phone to complete the password-reset process in this exercise.
Create an Azure AD organization
For this step, you'll want to create a new directory and sign up for trial Premium subscription for Azure AD.
Sign in to the Azure portal.
Select Create a resource > Identity > Azure Active Directory.
Select Azure Active Directory, then select Next : Configuration.
On the Create tenant page, use these values, select Review + Create, then select Create.
Property Value Organization name Choose any organization name. Initial domain name Choose a domain name that's unique within .onmicrosoft.com. Make a note of the domain you choose. Country or region United States.
Complete the captcha, then select Submit.
After you create the organization, select the F5 key to refresh the page. In the upper-right corner, select your user account. Then select Switch directory.
Select the organization you just created.
Create an Azure AD Premium P2 trial subscription
Now activate a trial Premium subscription for the organization so that you can test SSPR.
- Go to Azure Active Directory > Password reset.
- Select Get a free Premium trial to use this feature.
- Under AZURE AD PREMIUM P2, expand Free trial and then select Activate.
- Refresh the browser to see the Password reset - Properties page.
Create a group
You want to roll out SSPR to a limited set of users first to make sure your SSPR configuration works as expected. Let's begin by creating a security group for the limited rollout.
In the Azure AD organization you created, under Manage, select Groups.
Select + New Group.
Enter the following values:
Setting Value Group type Security Group name SSPRTesters Group description Testers of SSPR rollout Membership type Assigned
Create a user account
To test your configuration, create an account that's not associated with an administrator role. You'll also assign the account to the group you created.
In your Azure AD organization, under Manage, select Users.
Select + New user, select Create new user in the drop-down, and use the following values:
Setting Value User name balas Name Bala Sandhu Password Select Show Password, and make a note of the password. Groups Select the 0 groups selected link, then select SSPRTesters and click Select.
Now you're ready to enable SSPR for the group.
In your Azure AD organization, under Manage, select Password reset.
If the Password reset page still displays the message Get a free Premium trial to use this feature, wait for a few minutes and then refresh the page.
On the Properties page, select Selected. Select the No groups selected link, select the SSPRTesters group, and then select Save.
Under Manage, select the Authentication methods, Registration, and Notifications pages to review the default values.
Select Yes, and then in the Custom helpdesk email or URL text box, enter email@example.com. Replace "organization-domain-name" with the domain name of the Azure AD organization you created. If you've forgotten the domain name, hover over your profile in the upper-right corner of the Azure portal.
Register for SSPR
Now that the SSPR configuration is complete, register a mobile phone number for the user you created.
If you get the message: The administrator has not enabled this feature. Use private/incognito mode in your web browser.
In a new browser window, go to https://aka.ms/ssprsetup.
Sign in with the user name firstname.lastname@example.org and the password that you noted earlier.
If you're asked to update your password, enter a new password of your choice. Make sure you note the new password.
Next to Authentication phone is not configured, select Set it up now.
Enter your mobile phone details.
Select text me.
When you receive the code on your mobile phone, enter the code in the text box.
Select verify, and then select finish.
Now let's test whether the user can reset their password.
In a new browser window, go to https://aka.ms/sspr.
For User ID, type email@example.com. Replace "organization-domain-name" with the domain you used for your Azure AD organization.
Complete the captcha, and then select Next.
Enter your mobile phone number, and then select Text.
When the text arrives, in the Enter your verification code text box, enter the code you were sent. Select Next.
Enter a new password, and then select Finish. Make sure you note the new password.
Sign out of the account.
Need help? See our troubleshooting guide or provide specific feedback by reporting an issue.