In this article we will learn about “Password Writeback” and “Self Service Password Reset (SSPR)” what these tools give us and how they can be implement them in our organization.
Password Writeback – is an add-on that we can be activated through AD-Connect, as you probably know when the organization want to enable a password for a certain user mailbox that in 365, the IT manager must to reset the password for the user in the On-prem Active Directory and then the password You will sync to Azure-AD. Using the Password Writeback setting, we can perform a password reset for users directly from Azure-AD and the password will be immediately synchronized to the On-prem Active Directory.
Self Service Password Reset (SSPR) – is a service that allows to end users to reset their password for themselves through the Office 365 portal. To use this service, you must first configure Password Writeback because this SSPR service works hand to hand with Password Writeback.
In order for you to have the possibility to set up Password Writeback in your organization, you must make sure that you have a license of “Azure AD Premium P1” or higher cause without this license you will not be able to use Password Writeback and SSPR.
Configure Password Writeback:
Connect to your AD Connect server, open the “Azure AD Connect” software and click “Configure”.
Click on “Customize synchronization options”
Â
Enter a username and password with admin privileges on the Tenant.
Â
In the next two windows (Connect your directories, Domain/OU Filtering) do not define anything, just press NEXT twice until you reach the “Optional Features” panel.
Mark the “Password Writeback” box with a V, press NEXT and then “Configure”.
Â
At this point we have finished the On-Prem settings and now we will move to config the settings in Azure.
Connect to the following portal:
aad.portal.azure.com
Go to Active Directory –> Password Reset –> On-premises integration
Make sure that the setting “Enable password write back for sync users” is marked with a V and if it is not marked so mark it and press “Save”.
We have finished configuring Password Writeback in the organization and now we can start to configure the service “(SSPR)”.
Self-service password reset (SSPR)
In your AZURE portal go to:
Active Directory –> Password Reset –> Properties
Now choose who you want to give permission to reset the password, it can be a group of users or all users of the organization.
There are several methods for resetting a password through Office365
I will present two ways:
1. The password reset portal can be published to users: https://account.activedirectory.windowsazure.com/changepassword.aspx
Any user who connects to this address will have the option to change their password.
2. If the user forgot the password and is unable to connect to his account, he can recover his password through the following portal: https://passwordreset.microsoftonline.com
This Article Was Written By Matan Sigavker
