Setting up SSPR
Start course

Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.

In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.

Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.

Learning Objectives

  • Plan Azure AD Identities
  • Manage Users and Groups
  • Manage User Access with Access Reviews
  • Manage Passwords and Password Policies
  • Implement Self-Service Password Reset (SSPR)
  • Manage Product Licenses

Intended Audience

  • People preparing for Microsoft’s MS-100 exam
  • Microsoft 365 Administrators


  • Experience with Microsoft 365
  • Experience with the Azure portal
  • Experience with PowerShell

Another great feature is called Self-service Password Reset, or SSPR. And this is where users can reset their own password without an admin doing it for them. 

And before you can benefit from this feature, you need to be aware of the licensing requirements. If you are planning for SSPR for Cloud users, then you will need to have an Azure AD Basic, Premium P1 or P2, or a Microsoft 365 Business subscription. If you are synchronizing your users from your on-premises Active Directory, then you will need an Azure AD Premium P1 or P2 or a Microsoft 365 Business subscription. Knowing that your users are synchronized to Microsoft 365, you will also need to enable the password writeback on the AD Connect. 

To enable Self-service Password Reset, log in to your Azure AD Portal and navigate to Azure Active Directory and click on password reset. You'll have the choice to now enable the Self-service Password Reset, choose selected for only Pilot users for instance, or choose All to enable this feature for all your users in your organization. Let's choose All and save the changes. Navigate to authentication method. 

Now we need to choose the number of methods required to reset the password. You can choose one or two methods and then we have the methods available for the users. Currently, the mobile app code is in preview, but you can choose email, mobile phone, office phone, or even security questions. For this demonstration, we're gonna leave it as the default, the navigator registration. 

Now you can choose if you want your users to register to SSPR when they signing. Let's choose yes. And the default here for the number of days before users are asked again to reconfirm their authentication information, is set to 180 days, but if you go into the information icon, it will tell you that you have a maximum of 730 days. And if you set this to zero, then they will never be prompt again to reconfirm the authentication information. Click on save. 

We can also navigate to notifications and choose if we want users to be notified for password resets, or even if you want to notify all admins when other admins reset the password. We will leave that as the default and there's no changes to save and the Self-service Password Reset is now configured.

About the Author

Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at