The Self Service Password Reset, available with Azure AD and Office 365, has been updated to let your end-user use the Microsoft Authenticator mobile app when using the Self Service Password Reset (SSPR).

First you need to enable this new capability from your Azure AD portal (https://aad.portal.azure.com/) or Azure portal (https://portal.azure.com) and reach the Password reset configuration blade

image

Then go to the Authentication methods blade and enable the Mobile app code option; the Mobile app notification is not available for activation only when 2 methods are required for password reset.

NOTE it is important to note that end-users will not be register their mobile app when registering for SSPR; they have to register it using aka.ms/mfasetup or aka.ms/setupsecurityinfo

If only 1 method is required, the app notification option is not available If 2 methods are required, then you can enable the app notification option
image image

You must instruct your end-users to get the mobile authenticator app (for Android: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en – or for iOS: https://itunes.apple.com/us/app/microsoft-authenticator/id983156458?mt=8) and register as soon as possible.

Once the option(s) has/have been enable, the next time your end-user will have to use the SSPR they will have to option to use the mobile authenticator app, either using code or notification – when the notification is used, they will have to also use another method (but can not use the code one)

When 1 method is required When 2 methods are required
image image
or
imageimage
  The other authenticator app option is not available for the 2nd method
image

Leave a Comment

4 × 2 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.