Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset

Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If Azure AD locks a user's account or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.


An account with Global Administrator privileges.


Enable self-service password reset

Azure AD lets you enable SSPR for None, Selected, or All users. This granular ability lets you choose a subset of users to test the SSPR registration process and workflow. When you're comfortable with the process and the time is right to communicate the requirements with a broader set of users, you can select a group of users to enable for SSPR. Or, you can enable SSPR for everyone in the Azure AD tenant.

1. Sign in to the Azure portal using an account with global administrator permissions.

2. Search for and select Azure Active Directory, then select Password reset from the menu on the left side.

3. From the Properties page, under the option Self service password reset enabled, choose Selected. If you want to enable SSPR for all users, choose All

4. If your group isn't visible, choose No groups selected, browse for and select your Azure AD group, like SSPR-Test-Group, and then choose Select.


5. To enable SSPR for the select users, select Save.