Microsoft’s Enterprise Mobility + Security (EMS) is a combination of products in Microsoft’s portfolio. At first glance, it relates to the modern workspace. When we talk about the modern workspace, the first things that come to mind are how secure we are and whether the workspace is really comfortable for our users. With all this in mind, Microsoft has bundled the following five components into Microsoft EMS+S:
- Azure Active Directory Premium
- Microsoft Intune
- Azure Rights Management
- Microsoft Advanced Threat Analytics (ATA)
- Cloud App Security (CAS)
All in all, you can think of Microsoft EMS+S as a device-management and virtual-identity-management suite. In a cloud-based world where employees want to work from all of their devices, Microsoft EMS+S gives your IT team maximum security and control.
Azure Active Directory Premium edition is a paid offering of Azure Active Directory and it includes the following features:
- Self-service password reset
- Company branding
- Group-based application access
- Self-service group management
- Advanced security reports and alerts
- Multi-Factor Authentication
- Forefront Identity Manager (FIM)
As part one of the EMS+S series, today I am going to enable one feature that falls under Azure Active Directory Premium (AAD): Password Reset.
So let’s see how to enable password reset for your users.
Set Up Self Service Password Reset in Office 365 (Cloud Identities)
Set up SSPR
1. Sign in to the Azure Portal at https://portal.azure.com/
2. Choose More Services -> Azure Active Directory.
3. Select Password reset.
4. From Properties, select All for Self service password reset enabled.
5. [OPTIONAL] Selecting Selected for Self service password reset enabled lets you control the set of users who can reset their passwords. Users’ group membership controls this restriction. (If you chose to restrict access to password reset, move to step 6. Otherwise, skip to step 7.)
6. [OPTIONAL] From Select groups, pick the security or distribution groups that contain the users who will have access to SSPR.
7. Next, from Authentication Methods, select the alternate identity verification methods available to users.
8. Number of methods required to reset configures the minimum number of alternative identity verification methods a user must have in order to reset the password.
9. Next, in Registration, select Yes or No for Require users to register when signing in? (Selecting Yes will force users to register alternative identity verification methods when they sign in. Otherwise, the administrator will have to set identity verification options for users manually or direct users to https://account.activedirectory.windowsazure.com/PasswordReset/Register.aspx to set this information. If you choose Yes, move to step 10. Otherwise, skip to step 11.)
10. Enter a value for Number of days before users are asked to re-confirm their authentication information. (This value controls the number of days before the service prompts users to verify/update their alternative identity verification information. You can specify a number between 1-730. Setting 0 here will not ask users to verify/update their alternate identity verification methods.)
11. From Notification, you can enable notifications to be sent to users when they reset their own passwords through SSPR.
12. Selecting Yes for Customize helpdesk link allows you to set a custom email address or URL for the Contact your administrator link in the password reset wizard.
13. Enter the desired URL or email address for the help desk if you selected Yes for the option above.
Users Registering for SSPR
14. If you enabled registration at sign-in, users will be asked to set up the alternate identity verification methods. (This is the same screen users see when they access the self-service password reset registration URL manually.)
15. To set up the authentication phone, click Set it up now. Select the country, enter the phone number, and select either text me or call me.
16. If you choose to have Microsoft call you, you will need to answer the call and press the # key to verify the number. If you choose to receive a text message, you will have to enter the verification code that it sends.
17. To set up the authentication email address, click Set it up now. Enter the email address and click email me. Once you receive the email with the verification code, enter it and verify.
18. Once you have set up at least the minimum number of authentication methods required by the administrator, you can click Finish.
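
After the policy in steps 5 to 9 is in place and users have gone through registration (steps 14 to 18), it is worth checking who can actually reset a password. The Python sketch below is an added example, not part of the original walkthrough: it sorts users into buckets from records shaped like Microsoft Graph userRegistrationDetails output. The sample records, the `audit_sspr` function and the `RESET_METHODS` set are assumptions made for illustration.

```python
import json

# Constructed sample data, shaped like Microsoft Graph
# userRegistrationDetails records (not real tenant output).
SAMPLE = json.loads("""
[
 {"userPrincipalName": "alice@contoso.example", "isSsprEnabled": true,
  "isSsprRegistered": true, "methodsRegistered": ["mobilePhone", "email"]},
 {"userPrincipalName": "bob@contoso.example", "isSsprEnabled": true,
  "isSsprRegistered": false, "methodsRegistered": []},
 {"userPrincipalName": "carol@contoso.example", "isSsprEnabled": true,
  "isSsprRegistered": true, "methodsRegistered": ["email"]},
 {"userPrincipalName": "dave@contoso.example", "isSsprEnabled": false,
  "isSsprRegistered": false, "methodsRegistered": []}
]
""")

# Assumption: only the two methods set up in steps 15-17 count toward a reset.
RESET_METHODS = {"mobilePhone", "email"}


def audit_sspr(records, required_methods):
    """Bucket users by SSPR readiness against the 'Number of methods
    required to reset' value chosen in step 8."""
    findings = {"out_of_scope": [], "not_registered": [],
                "too_few_methods": [], "ready": []}
    for rec in records:
        upn = rec["userPrincipalName"]
        usable = RESET_METHODS & set(rec.get("methodsRegistered", []))
        if not rec.get("isSsprEnabled"):
            # Not covered by the All / Selected setting from steps 4-6.
            findings["out_of_scope"].append(upn)
        elif not rec.get("isSsprRegistered"):
            # In scope but never completed steps 14-18.
            findings["not_registered"].append(upn)
        elif len(usable) < required_methods:
            # Registered earlier, but below the current minimum
            # (for example after the administrator raised it).
            findings["too_few_methods"].append(upn)
        else:
            findings["ready"].append(upn)
    return findings


if __name__ == "__main__":
    for bucket, users in audit_sspr(SAMPLE, required_methods=2).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

Users in the `not_registered` and `too_few_methods` buckets are the ones who will end up at the helpdesk link from step 12 instead of resetting on their own.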