Microsoft Entra ID

Step-by-Step Guide : Using Microsoft Authenticator app (Public preview) to reset Azure AD user password

Azure AD SSPR ( self-service password reset ) allow users to reset their own passwords according to policy define by their administrator. Before it was only allowed to use Email, Mobile phone, Office phone or security questions options to reset the passwords. If it was Azure AD admin they wasn’t able to use security questions option either. But now SSPR supports use of Microsoft Authenticator app notifications or a code from any mobile authenticator app or hardware token. This is applying for all the users including Azure AD administrators. In order to use mobile app or hardware token option, users need to sign up for at least 2 other methods ( Email, Mobile phone, Office phone or security questions).

To enable mobile app option, 

1) Log in to Azure portal as Global Administrator

2) Go to Azure Active Directory | Password Reset 


3) Go to Properties and make sure you have SSPR enabled

4) Then go to Authatication methods and select 2 for Number of method required to reset

5) After that, select mobile app option from the list

6) Click on Save to apply the settings

7) Then go to https://aka.ms/mfasetup to complete the user sign up process

8) Lets see how we can reset the password using mobile app option. In here I am trying to reset password for user Isaiah. He is global administrator as well. 

9) It redirect me to a page for id verifications. 

10) In next page I can choose the pass code option for verification. 

In here I enter the passcode appear in my phone app. 

 

11) After succesfull verification, it allow to specify new password. 

As we can see it allowed to reset the password using mobile app code verification even for Azure AD Administrator. This marks the end of this blog post. If you have any further questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Related posts
Microsoft Entra ID

Step-by-Step: Enabling MFA for Azure Administrative Portals via Microsoft Entra ID Conditional Access

As per the recent Microsoft Digital Defense Report 2023 (available at…
Read more
Microsoft Entra ID

Step-by-Step Guide to Azure AD PIM and Conditional Access Integration (Public Preview)

In privilege identity management, we can enforce MFA verification during the activation process.
Read more
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Microsoft Entra lifecycle workflows Part 02 - How to synchronize value for employeeHireDate attribute from on-premises Active Directory ?

In my previous blog post, I explained how we can automate JML (Joiners/Movers/Leavers) process by…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

Leave a Reply

Your email address will not be published. Required fields are marked *