Microsoft Entra ID

Step-by-Step Guide : Using Microsoft Authenticator app (Public preview) to reset Azure AD user password

Azure AD SSPR ( self-service password reset ) allow users to reset their own passwords according to policy define by their administrator. Before it was only allowed to use Email, Mobile phone, Office phone or security questions options to reset the passwords. If it was Azure AD admin they wasn’t able to use security questions option either. But now SSPR supports use of Microsoft Authenticator app notifications or a code from any mobile authenticator app or hardware token. This is applying for all the users including Azure AD administrators. In order to use mobile app or hardware token option, users need to sign up for at least 2 other methods ( Email, Mobile phone, Office phone or security questions).

To enable mobile app option, 

1) Log in to Azure portal as Global Administrator

2) Go to Azure Active Directory | Password Reset 


3) Go to Properties and make sure you have SSPR enabled

4) Then go to Authatication methods and select 2 for Number of method required to reset

5) After that, select mobile app option from the list

6) Click on Save to apply the settings

7) Then go to https://aka.ms/mfasetup to complete the user sign up process

8) Lets see how we can reset the password using mobile app option. In here I am trying to reset password for user Isaiah. He is global administrator as well. 

9) It redirect me to a page for id verifications. 

10) In next page I can choose the pass code option for verification. 

In here I enter the passcode appear in my phone app. 

 

11) After succesfull verification, it allow to specify new password. 

As we can see it allowed to reset the password using mobile app code verification even for Azure AD Administrator. This marks the end of this blog post. If you have any further questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Related posts
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide : Process Entra ID Entitlement Management Access Package on-behalf of another user (preview)

Entra ID Entitlement Management access packages enable administrators to offer a self-service…
Read more
Cyber SecurityMicrosoft Entra ID

Step-by-Step Guide: Configure Entra ID lifecycle workflow to use Custom Security Attributes

In my previous blog post, I explained how to use Entra ID lifecycle workflow to trigger actions…
Read more
Azure servicesMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide: Configure Entra ID lifecycle workflow to trigger mover task on user profile changes

The Entra ID lifecycle workflow is a feature of Microsoft Entra ID identity governance and Microsoft…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

Leave a Reply

Your email address will not be published. Required fields are marked *