As cyber threats continue to evolve, organizations need robust solutions to protect their sensitive data and systems. Microsoft's Azure Active Directory (Azure AD) offers a comprehensive suite of security features that can help organizations bolster their cybersecurity defenses. In this blog post, we'll focus on two essential components of Azure AD: Self-Service Password Reset (SSPR) and Multi-Factor Authentication (MFA).
Self-Service Password Reset (SSPR)
Azure AD SSPR empowers users to take control of their account passwords without requiring administrator or help desk intervention. This functionality allows users to change or reset their passwords swiftly, reducing the burden on your IT support team. Here's why Azure AD SSPR is a game-changer:
Improved User Experience: Imagine a scenario where a user forgets their password or their account gets locked out. Traditionally, such incidents would necessitate time-consuming support calls and lost productivity. With Azure AD SSPR, users can easily unblock themselves and regain access to their accounts, minimizing downtime and frustration.
Reduced Help Desk Calls: One of the most significant benefits of Azure AD SSPR is the dramatic reduction in help desk calls related to password issues. When users can reset their passwords independently, your IT team can focus on more strategic tasks, enhancing overall operational efficiency.
Multi-Factor Authentication (MFA)
MFA is a fundamental security measure that requires users to provide additional forms of identification during the sign-in process. This additional layer of security significantly reduces the risk of unauthorized access. Here's why MFA is indispensable in today's threat landscape:
Enhanced Security: MFA mitigates the risk of unauthorized access by requiring users to provide a second form of identification. Whether it's a code from their cellphone, a fingerprint scan, or another method, MFA adds an additional layer of protection that is difficult for attackers to bypass.
Wide Range of Authentication Methods: Azure AD supports a variety of authentication methods for MFA, allowing organizations to choose what works best for their users.
For End-users: When to Set Up Your Security Info
You may encounter the prompt to set up your security info immediately after signing in to your work or school account. This prompt appears if you haven't already configured the necessary security info required by your organization.
Please note that if the information displayed on your screen differs from what's covered in this article, it's likely that your administrator has not yet enabled this experience.
Security info methods serve dual purposes: they are used for both two-factor security verification and password reset. However, not all methods can be employed for both purposes. Here's a breakdown of the methods and their respective uses:
Authenticator app: Used for two-factor verification and password reset authentication.
Text messages: Used for two-factor verification and password reset authentication.
Phone calls: Used for two-factor verification and password reset authentication.
Security key: Used for two-factor verification and password reset authentication.
Email account: Used for password reset authentication only. You'll need to choose a different method for two-factor verification.
Security questions: Used for password reset authentication only. You'll need to choose a different method for two-factor verification.
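The breakdown above can be turned into a coverage check. The following is an added example, not Microsoft's or this blog's own code: it audits each user's registered methods against that breakdown and reports who could reset a password but not pass two-factor verification. The function names, the sample users, the "Pager" entry and the reset_methods_required setting are assumptions made for illustration.

```python
# Method -> purposes, exactly as listed in the breakdown above.
BOTH = frozenset({"two-factor", "password-reset"})
RESET_ONLY = frozenset({"password-reset"})
METHOD_USES = {
    "Authenticator app": BOTH,
    "Text messages": BOTH,
    "Phone calls": BOTH,
    "Security key": BOTH,
    "Email account": RESET_ONLY,
    "Security questions": RESET_ONLY,
}

def usable_for(registered, purpose):
    """Registered methods (deduplicated) that the matrix allows for a purpose."""
    return sorted(m for m in set(registered) if purpose in METHOD_USES.get(m, ()))

def audit_user(registered, reset_methods_required=1):
    """List the coverage gaps in one user's registered security info."""
    problems = []
    unknown = sorted(set(registered) - set(METHOD_USES))
    if unknown:
        problems.append("unrecognized method: " + ", ".join(unknown))
    if not usable_for(registered, "two-factor"):
        problems.append("no method usable for two-factor verification")
    have = len(usable_for(registered, "password-reset"))
    if have < reset_methods_required:
        problems.append(f"{have} of {reset_methods_required} methods for password reset")
    return problems

def audit(records, reset_methods_required=1):
    """Map each user with at least one gap to that user's list of gaps."""
    report = {u: audit_user(m, reset_methods_required) for u, m in records.items()}
    return {u: p for u, p in report.items() if p}

# Constructed sample data; user names and the two-method policy are assumptions.
SAMPLE = {
    "alice@example.com": ["Authenticator app", "Text messages"],
    "bob@example.com": ["Email account", "Security questions"],
    "carol@example.com": ["Security key"],
    "dave@example.com": ["Authenticator app", "Pager"],
}

if __name__ == "__main__":
    for user, problems in audit(SAMPLE, reset_methods_required=2).items():
        print(user, "->", "; ".join(problems))
```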
1. Sign in to your work or school account
After you sign in to your work or school account, you'll see a prompt that asks you to provide more information before it lets you access your account.
Important: This is only an example of the process. Depending on your organization's requirements, your administrator might have set up different verification methods that you'll need to set up during this process. For this example, we're requiring two methods, the Microsoft Authenticator app and a mobile phone number for verification calls or text messages.
2. After you select Next, a Keep your account secure wizard appears, showing the first method your administrator and organization require you to set up. For this example, it's the Microsoft Authenticator app.
Notes:
If you want to use an authenticator app other than the Microsoft Authenticator app, select I want to use a different authenticator app.
If your organization lets you choose a different method besides the authenticator app, you can select I want to set up a different method.
3. Select Download now to download and install the Microsoft Authenticator app on your mobile device, and then select Next.
4. Remain on the Set up your account page while you set up the Microsoft Authenticator app on your mobile device.
5. Open the Microsoft Authenticator app, select to allow notifications (if prompted), select Add account from the Customize and control icon on the upper-right, and then select Work or school account.
6. Return to the Set up your account page on your computer, and then select Next. The Scan the QR code page appears.
7. Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you created your work or school account in Step 5.
8. Select Next on the Scan the QR code page on your computer. A notification is sent to the Microsoft Authenticator app on your mobile device, to test your account.
9. Approve the notification in the Microsoft Authenticator app, and then select Next. Your security info is updated to use the Microsoft Authenticator app by default to verify your identity when using two-step verification or password reset.
10. On the Phone set up page, choose whether you want to receive a text message or a phone call, and then select Next.
11. Enter the code provided by the text message sent to your mobile device, and then select Next.
12. Review the success notification, and then select Done.
How to Update Your Two-step Verification Method and Settings
After you set up your security verification methods for your work or school account, you can manage and update the related details.
1. Sign in to the Microsoft 365 portal (office.com).
2. Select your avatar in the top right, then select View account.
3. Under Security info select Update info.
How to Reset Your Work or School Password Using Security Info
If you've forgotten your work or school password, never received one from your organization, or find yourself locked out of your account, you can reset your work or school password using your security information and your mobile device.
If you can't access your Azure Active Directory (Azure AD) account, it could be because either:
Your password isn't working and you want to reset it, or
You know your password, but your account is locked out and you need to unlock it.
1. In the Enter password screen, select Forgot my password.
2. In the Get back into your account screen, type your work or school User ID (for example, your email address), prove you aren't a robot by entering the characters you see on the screen, and then select Next.
Note: If your administrator hasn't turned on the ability for you to reset your own password, you'll see a Contact your administrator link instead of the Get back into your account screen. This link lets you contact your administrator about resetting your password, through either email or a web portal.
3. Select one of the methods to verify your identity and change your password, and then add the requested information.
Depending on your organization's settings, you can reset your password using various methods:
Reset your password using an email address: Sends an email to the address you previously set up in two-step verification or security info.
Reset your password using a text message: Sends a text message to the phone number you previously set up in security info.
Reset your password using a phone number: Places an automated voice call to the phone number you previously set up in security info.
Reset your password using security questions: Requires you to answer security questions you set up in security info.
Reset your password using a notification from your authenticator app: Sends an approval notification to your authenticator app.
Reset your password using a code from your authenticator app: Accepts a random code provided by your authenticator app.
After resetting your password, you may receive a confirmation email from an account like "Microsoft on behalf of your_organization." If you receive such an email but didn't recently reset your password, please contact your organization's administrator immediately.
How to Change Your Microsoft 365 Password
1. Sign in to the Microsoft 365 portal (office.com).
2. Select your avatar in the top right, then select View account.
3. Select Password from the left navigation pane or select Change password from the Password block.
4. Type your old password, and then create and confirm your new password.
5. Select Submit. Your password will be changed and you'll be asked to sign in to your work or school account again.
In conclusion, Azure AD's Self-Service Password Reset and Multi-Factor Authentication are invaluable tools for enhancing your organization's cybersecurity posture. By empowering users, reducing help desk calls, and offering a wide range of authentication methods, Azure AD provides a comprehensive solution to protect your digital assets.
To help you to have peace of mind knowing your business is secure, click here to schedule a Microsoft 365 Secure Score review with our experts today. We'll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.