Password reset tickets constitute a major chunk of the help desk ticket pile. Allowing users to reset their own passwords is a sure way of boosting productivity. Microsoft Azure Active Directory (AD) includes a self-service password reset (SSPR) feature that lets end users reset their Azure AD password without having to seek help desk assistance. With enterprises synchronizing their on-premises AD with Azure AD, SSPR has become an indispensable tool for hybrid AD environments as well.

Administrators can deploy SSPR in Azure AD by enabling SSPR from their Azure AD tenant, and then selecting the group and specifying the authentication methods available to the users in the group. See Figure 1.

Figure 1. Configuring SSPR in Azure AD.

Once SSPR is enabled, users can access the Azure portal through a web browser and easily reset their Azure AD password. See Figures 2a and 2b.


Figure 2a. Logging in to Azure AD through the Azure portal.


Figure 2b. SSPR through the Azure portal.

But what about an end user in a hybrid environment who has their computer joined to the on-premises AD domain? That user could use another device, a phone, or a coworker’s computer to reset their password through the Azure portal. However, that may not be the option most users would want to go for.

That being the case, ADSelfService Plus is an alternative that cuts through the complications by allowing SSPR on both on-premises and Azure AD, as well as a host of other enterprise applications from the Windows login screen, as shown in Figure 3a and 3b. This means that end users can self-reset their passwords in an on-premises environment right from the logon screen, and have those changes take effect in Azure AD too. ADSelfService Plus simplifies password reset and makes help desk intervention unnecessary.


Figure 3a and 3b. On-premises SSPR from the Windows login screen through ADSelfService Plus.
Summary

Both ADSelfService Plus and Azure AD support SSPR capabilities and reduce help desk costs. However, ADSelfService Plus offers SSPR capability from the Windows login screen, and on the hybrid environment through the on-premises environment; so, users don’t have to rely on another device or a coworker’s computer to reset their password.

Download a free, 30-day trial of ADSelfService Plus.