Enable SSPR
Start course
1h 1m

This course has been designed to teach you how to manage access and authentication in Azure Active Directory. 

The topics covered within this course include:

  • Managing Authentication
  • Implementing Multi-Factor Authentication
  • Configuring Application Access
  • Implementing Access for External Users of Microsoft 365 Workloads

Learning Objectives

  • To learn how to configure and monitor authentication
  • To learn how to administer MFA and report on its utilization
  • To learn how to configure application registration and use Azure AD Application Proxy
  • To learn how to use Azure Active Directory B2B to add and manage external users

Intended Audience

  • Those looking to learn more about access and authentication


To get the most from this course, you should at least be familiar with Azure AD and have a general understanding of its features.


In this demonstration, let's walk through the process of configuring self-service password reset as a means to enable users to reset their passwords or unlock their accounts. To prepare for this demonstration, I've created a test user named Joey Knish, and I've placed him in a group called PilotUsers. My Azure Tenant already has a trial version of Azure AD Premium P2 provisioned. To enable self-service password reset for Joey Knish from the Azure portal, what I need to do is browse to Azure Active Directory and then click Password reset. From the Properties page, I'm going to choose Selected under the Self-Service Password Reset Enabled option. This allows me to specify who gets SSPR. What I need to do here is specify the pilot group that I want to configure SSPR for. So I'll select my PilotUsers group and then I'll click Save. For this exercise, I'm going to require just one authentication method in the Authentication Methods page, but I'm going to make two options available to my users in my PilotUsers group. I'm going to leave the default email and mobile phone options set so I don't have to save any changes here. Now although I'm making two available, I'm only going to require one, by setting the number of methods required to one up above. Next, I'm going to click over on the Registration page, and what I'm going to do on the Registration page is require users to register when they sign in. And I'm going to set the number of days before users are asked to reconfirm their authentication information to a year, or 365 days. So we'll set the number of days here and I can click Save to save my settings. At this point I have SSPR configured for the PilotUsers group, so let's test it out using Joey Knish's account. To test with Joey Knish's account, let's open a new incognito window and browse to What I'll do here is sign in as Joey Knish. As you can see, I'm immediately prompted for some more information. So I'll go ahead register my authentication phone and ask Azure to text me. After I receive my verification code on my phone, I just have to enter it here and click verify and then finish. With my registration complete, let's open a new incognito window and browse to This is the self service password reset URL. We'll go ahead and try and reset Joey Knish's password. What I'll do here again is login as Joey Knish. And after logging in, I'm prompted to verify my account and to reset my password. After I reset my password, Azure lets me know that I've successfully done so. Now, if I wanted to apply this same requirement to other users, I could just add them to the PilotUsers group. If I wanted to apply it to a larger set of users, I could create another group all together and apply the same settings. I could then add all of my production users to that group, just like I did for the Joey Knish pilot user. To disable self serve password reset, I just have to click back out to Azure AD and then click on Password Reset. From the properties page, I simply select none under self service password reset enabled and then save my settings. By doing this, I've now disabled SSPR.


LECTURES: Course Introduction - What is Authentication - Designing an Authentication Method - Configuring Multi-Factor Authentication - Accessing MFA Service Settings - Enable SSPR - Sign-in Activity Reports in the Azure Active Directory Portal - Using Sign-in Activity Reports in the Azure Active Directory Portal - Azure Active Directory Monitoring - Implement MFA - Manage User Settings with Azure Multi-Factor Authentication in the Cloud - Manage MFA for Users - Reports in Azure Multi-Factor Authentication - Configure Application Registration in Azure AD - How to Configure Application Registration in Azure AD - What is Azure AD Application Proxy - Configure Azure AD Application Proxy - Azure Active Directory B2B - Add Guest Users to Your Directory in the Azure Portal - Conclusion

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.