The Self-Service Password Reset (SSPR) feature in Azure AD allows users to reset their passwords without going through the help desk. However, changes to users' Azure AD passwords are only synchronized with their on-premises domain accounts when Azure AD Connect is configured and the password writeback feature is enabled.
ADSelfService Plus is an Active Directory (AD) self-service password management and single sign-on solution that lets users reset their AD passwords on their own with its Self-Service Password Reset feature. It also offers the Password Synchronization feature to sync any changes to users' passwords with their user accounts in enterprise applications like Microsoft 365 (previously Office 365) and Azure AD. Apart from this, ADSelfService Plus also provides single sign-on, exhaustive reports, strong password policies, and much more to simplify password management and secure user identities.
With these capabilities, users can use the same password to log in to Azure AD that they use to sign in to their AD domains; they can also reset their passwords without help desk intervention.
Let's take a look at how to reset a password using SSPR in Azure AD.
- Go to the Azure AD login page and enter your username.
- Click Forgot password when asked to enter your password.
- In the password reset page, enter your email address or username.
- Now choose how you would like to get your verification code. You can receive it through a call, SMS message, or email.
- Now, enter the verification code to prove your identity.
- Complete the second identity verification step. You'll have the option to choose from one of the two methods not used in the previous step.
- After successful verification, you can submit a new password.
- You will now be able to log in with your new password.
How ADSelfService Plus simplifies and secures Office 365 password reset
- Access the ADSelfService Plus portal from your login screen, mobile app, mobile site, or any web browser.
- Click Forgot your password?
- Enter your username and click Continue.
- Complete the identity verification process. Admins can select from 15 advanced authentication methods including biometrics, Google Authenticator, and YubiKey. Here, we have some security questions.
- In the drop-down, select your Office 365 account and submit a new password.
- If the password meets all the password complexity requirements, it will be successfully reset.
So how does Azure AD's native password reset feature compare to ADSelfService Plus'? Take a look at the comparison chart below:
|Azure AD SSPR||ADSelfService Plus|
|Self-service password resets can be performed from the login screens of machines running only on Windows 10 operating systems.||Self-service password resets can be performed from the login screens of most Windows clients and servers, macOS, and Linux machines (see the supported OS versions).|
|No mobile app for self-service password resets.||Exclusive iOS and Android mobile apps for self-service password resets.|
|Supports only two factor authentication (TFA); provides four authentication methods to choose from.||Offers multi-factor authentication (MFA); supports 15 authentication methods to choose from, including Microsoft Authenticator, fingerprint authentication, and Face ID authentication. Multi-factor authentication can be enforced.|
|Local cached credentials cannot be updated after password reset.||Local cached credentials can be updated using a VPN after password reset, allowing even remote users to regain access to their machines.|
|The number of self-service password resets performed cannot be restricted.||Admins can restrict the number of self-service password resets performed within a period of time.|
|No provision for notifications to be sent to the user or admin upon successful password reset.||SMS, email, and push notifications can be sent on successful password reset.|
|The password policy cannot be enforced during password changes from the Ctrl+Alt+Del screen||The custom password policy enforcer enforces password policies during password changes from the Ctrl+Alt+Del console and password resets by admins using the ADUC console.|
ADSelfService Plus also offers a password change feature that helps users change their Windows AD domain password in accordance to the password policy enforced by the administrator. Password changes made using this feature can be synchronized with their Microsoft 365 ,previously Office 365, accounts using the password synchronization feature. Password policies created using the password policy enforcer feature help ensure users create strong passwords. Users can change their enterprise application account passwords, including their Microsoft 365, Google Workspace, and Salesforce accounts, without changing their AD password using ADSelfService Plus.
Other advantages of ADSelfService Plus include:
- Flexibility to provide self-service password reset capability to users only in specific OUs and groups.
- The Password Policy Enforcer feature, which provides complexity rules that:
- Control the types of characters used in the password.
- Restrict using old passwords or characters from the username.
- Prevent the use of specific words, patterns, and palindromes.
- The password synchronization feature, which synchronizes any changes to the domain passwords to more than 15 enterprise cloud and on-premises applications, including Office 365/Azure AD, G Suite, and Salesforce.
- The option for admins to configure an approval workflow where users have to raise a help desk request and can only reset their passwords when it is approved.
With all the above advantages that ADSelfService Plus has to offer, choosing ADSelfService Plus to empower users with self-service password reset for your Azure AD environment is the right way to go. Other than self-service password reset and password synchronization, ADSelfService Plus also offers:
Empower users with a secure self-service password reset solution
Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here