top of page

Azure Active Directory self-service password

Self-Service Password Reset (SSPR) is an Azure Active Directory (AD) feature that enables users to reset their passwords without contacting IT staff for help. The users can quickly unblock themselves and continue working no matter where they are or time of day. By allowing the employees to unblock themselves, your organization can reduce the non-productive time and high support costs for most common password-related issues.

SSPR has the following key capabilities:

  • Self-service allows end users to reset their expired or non-expired passwords without contacting an administrator or helpdesk for support.

  • Password Writeback allows management of on-premises passwords and resolution of account lockout though the cloud.

  • Password management activity reports give administrators insight into password reset and registration activity occurring in their organization.

Key benefits

The key benefits of enabling SSPR are:

  • Manage cost. SSPR reduces IT support costs by enabling users to reset passwords on their own. It also reduces the cost of time lost due to lost passwords and lockouts.

  • Intuitive user experience. It provides an intuitive one-time user registration process that allows users to reset passwords and unblock accounts on-demand from any device or location. SSPR allows users to get back to work faster and be more productive.

  • Flexibility and security. SSPR enables enterprises to access the security and flexibility that a cloud platform provides. Administrators can change settings to accommodate new security requirements and roll these changes out to users without disrupting their sign-in.

  • Robust auditing and usage tracking. An organization can ensure that the business systems remain secure while its users reset their own passwords. Robust audit logs include information of each step of the password reset process. These logs are available from an API and enable the user to import the data into a Security Incident and Event Monitoring (SIEM) system of choice.


Azure Active Directory is licensed per-user meaning each user requires an appropriate license for the features they use. We recommend group-based licensing for SSPR.

To compare editions and features and enable group or user-based licensing.


  • A working Azure AD tenant with at least a trial license enabled. If needed, create one for free.

  • An account with Global Administrator privileges.

6 views0 comments

Recent Posts

See All


bottom of page