Azure / Office 365 – You can now use your Microsoft Authenticator mobile app for SSPR (preview)

The Self Service Password Reset, available with Azure AD and Office 365, has been updated to let your end-user use the Microsoft Authenticator mobile app when using the Self Service Password Reset (SSPR).

First you need to enable this new capability from your Azure AD portal (https://aad.portal.azure.com/) or Azure portal (https://portal.azure.com) and reach the Password reset configuration blade

image

Then go to the Authentication methods blade and enable the Mobile app code option; the Mobile app notification is not available for activation only when 2 methods are required for password reset.

NOTE it is important to note that end-users will not be register their mobile app when registering for SSPR; they have to register it using aka.ms/mfasetup or aka.ms/setupsecurityinfo

If only 1 method is required, the app notification option is not available If 2 methods are required, then you can enable the app notification option
image image

You must instruct your end-users to get the mobile authenticator app (for Android: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en – or for iOS: https://itunes.apple.com/us/app/microsoft-authenticator/id983156458?mt=8) and register as soon as possible.

Once the option(s) has/have been enable, the next time your end-user will have to use the SSPR they will have to option to use the mobile authenticator app, either using code or notification – when the notification is used, they will have to also use another method (but can not use the code one)

When 1 method is required When 2 methods are required
image image
or
imageimage
  The other authenticator app option is not available for the 2nd method
image

Leave a Comment

Your email address will not be published. Required fields are marked *