Customizing SSPR Email Notifications and Managing Account Lockouts in Microsoft SSPR

Rasul Ansarian 5 Reputation points
2023-08-04T19:29:07.2033333+00:00

We have successfully set up SSPR (Self-Service Password Reset) for our users, and it's working well. However, we have a few questions regarding customization and account lockouts that we need help with.

  1. Customizing SSPR Email Notifications: Currently, when users reset their password, they receive a standard Password Reset notification via email. We would like to know if there is a way to customize this email notification. Specifically, we want to add our company's logo and personalize the message that users receive.
  2. Managing Account Lockouts: We have observed that when a user's account gets locked out due to multiple failed attempts, they can unlock their account by resetting their password through SSPR. We want to change this behavior. Instead, if a user's account is already locked out, we want them to be directed to our Helpdesk to unlock their account, rather than unlocking it through SSPR.
  3. Password Expiry Notifications: We have set up password expiration notifications for our users to prompt them to change their password before it expires. However, we are unsure about how these notifications are delivered to the users. Will they receive an email, a system notification, or a ribbon message when they try to sign into their account? Furthermore, we are interested to know if we have the ability to customize these notifications to suit our specific needs.

In advance, Thank you for your time and support.

Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,089 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,254 questions
{count} vote

3 answers

Sort by: Most helpful
  1. Andy David - MVP 152.3K Reputation points MVP
    2023-08-04T20:29:46.4533333+00:00

    Azure recently upgraded its branding options. They are listed here:

    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/how-to-customize-branding


  2. Justin Snyder 5 Reputation points
    2023-08-04T22:05:33.54+00:00

    Customizing SSPR Email Notifications: You can customize the look and feel of the password reset page, email notifications, or sign-in pages to make it clear to the user they’re in the right place and give them confidence they’re accessing company resources. This article shows you how to customize the SSPR e-mail link for users, company branding, and AD FS sign-in page link<sup>1
    </sup>
    Managing Account Lockouts: You can set up Azure AD to send email notifications when an SSPR event happens. These notifications can cover both regular user accounts and admin accounts. For admin accounts, this notification provides another layer of awareness when a privileged administrator account password is reset using SSPR<sup>2</sup>.

    Password Expiry Notifications: You can set up Azure AD to send email notifications when a password is about to expire. To do this, you can use the Set-MsolPasswordPolicy cmdlet to set the password validity period and notification days. This command updates the tenant so that all users’ passwords expire after a specified number of days. The users receive notification a specified number of days prior to that expiry<sup>1</sup>.

    0 comments No comments

  3. Justin Snyder 5 Reputation points
    2023-08-04T22:06:27.01+00:00

    Password Expiry Notifications: You can set up Azure AD to send email notifications when a password is about to expire. To do this, you can use the Set-MsolPasswordPolicy cmdlet to set the password validity period and notification days. This command updates the tenant so that all users’ passwords expire after a specified number of days. The users receive notification a specified number of days prior to that expiry<sup>1</sup>.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.