The Link You Are Using Is No Longer Active You May Need to Register Again or Reset Your Password
First published on CloudBlogs on April 29, 2014
Howdy folks,
Administrators have been able to reset their forgotten passwords in Azure AD for a long time now, and we've heard lots of requests from customers who also want to enable their end users to reset their own passwords.
Well, we've heard your feedback, and have been working to allow you to enable end user self-service password reset in just a few clicks. To help you begin using password reset, let me introduce Adam Steenwyk, a senior program manager on the Active Directory team. He's written a detailed guide to the feature and how you can get started with it.
To try it out, sign in to the Windows Azure Management Portal, click on Active Directory in the left navigation bar, then head to the directory configuration tab and look for the 'user password reset policy' section.
Best Regards,
Alex Simons (twitter: @Alex_A_Simons)
Director of Program Management
Active Directory Team
-----------------------------------------------------------------------------------------------------
Hello everyone,
I'm Adam Steenwyk, Senior PM on the AD team, and I'm here today to introduce to you our cool new user self-service password reset functionality.
Self-Service Password Reset for Users is part of the latest set of changes included in Windows Azure Active Directory Premium. With this feature, users can reset their passwords using their mobile or office phones, or their alternate email addresses. Users can even self-register their own password reset data with a few mouse clicks! In addition to this, as the administrator you have full control over the policies applied to these users when they reset their passwords. You don't want users to reset using their mobile phone number? No problem! You want to specify how many verification steps users must go through? You bet you can!
There are three questions that you'll be able to answer after reading through this post:
- How can I configure password reset from the Azure management portal?
- How can my users register for password reset?
- How can my users reset their passwords after they are registered?
- How can I configure password reset to write passwords back to a local Active Directory?
Let's get started!
How to configure password reset in the Azure management portal
In order to enable Self-Service Password Reset, you'll need to be using Windows Azure Active Directory Premium. You can learn how to do that by following the instructions here. Once you've done that, sign in to the Windows Azure Management Portal, navigate to your directory, click on the CONFIGURE tab, and scroll down until you see the "user password reset policy" section (see Fig. 1). This is where all the magic happens.
Fig. 1: The directory configuration tab
Fig. 2: The user password reset policy configuration section
Once in the configure tab, the above is what you'll see in the "user password reset policy" section (see Fig. 2). There are a lot of great knobs you can tweak to change the behavior of password reset in your organization. They are split into a few logical categories:
- Security Policy
- Registration Policy
- Portal Customization
Let's take a moment to go through them one by one.
Fig. 3: Password reset security policy
How to manage password reset security policy
Controls in this department (outlined in Fig 3. to a higher place) impact how password reset works in your organization. Read on beneath to come across a description of what each of these controls does.
- Is countersign reset enabled for my directory? Once yous're using Windows Azure Agile Directory Premium, you'll come across a new configuration setting which allows you to turn password reset on or off for all your users. In order to come across the residuum of the policy controls, you'll have to plough this on first. Likewise, stay tuned, nosotros're looking at ways that will allow you enable this characteristic on a per-user or per-grouping basis.
- What types of contact methods tin can users use to reset their passwords? Once you've turned this feature on, you'll be able to choose which contact methods a user is able to employ to reset his or her password. For those of you with international phone numbers, y'all'll be happy to know that we support both voice and SMS calls for the mobile phone-based contact method. All of our SMS and voice messages are likewise fully localized for your users coming from dissimilar locales. Don't see a contact method you are interested in? Let united states know!
- How many contact methods must a user provide when resetting their passwords? For those of you lot with high security requirements, or those who just want a bit more assurance that passwords are existence reset securely, we allow you to crave that your users go through either one or two of your selected contact methods above.
Fig. 4 : Password reset registration policy
How to manage your password reset registration policy
Controls in this section (outlined in Fig. 4 above) affect how and when users register for password reset. Read on below to see a description of what each of these controls does.
- Where do my users go to register their data? Don't have contact data defined for all of your users? No problem! We provide an end-user accessible portal where users can provide their contact data in a simple and secure way. As we make our service richer over time, we'll make sure to add all of the newest challenges we build so your users stay up-to-date.
- Are users required to register for password reset when signing into the access panel? Want to register users in your organization for password reset quickly and easily? You can configure password reset to gather contact data from your users when they go to http://myapps.microsoft.com. Also, stay tuned, we'll be looking into allowing you to enforce this when users sign in, too.
- How long before users must re-confirm their contact data? Want to keep your user's contact data up-to-date over time? You can do that, as well. With this feature, you can optionally configure the time that must elapse before a user is prompted to verify their contact information again after their initial registration. If you set this time to 0 days, we will never prompt users to re-verify their data.
Fig. 5: Password reset portal customization (tenant branding not shown)
How to manage password reset portal behavior and appearance
Controls in this section (outlined in Fig. 5 above) customize the appearance and behavior of the password reset portal. Read on below to see a description of what each of these controls does.
- When a user has a problem, what helpdesk link do they see? We provide a capability which will automatically dispatch an email to the user, password, or global administrators of a tenant if a user sees an error while resetting his or her password. Don't like it? No problem, you can override the link users see when resetting their passwords to point to a custom email address or website URL where you can describe to them how they can access your organization's helpdesk.
- What branding do users see when they come to the password reset portal? Using the tenant branding and customization feature that we've talked about earlier, you can set an organizational logo to show up on your organization's sign in page and access panel. We'll show this same logo when users come to the password reset portal. Furthermore, we'll also use your directory name in all email communications we send to your users. Finally, if you have some other branding requirement, we'd love to hear about it!
Want to learn more about how password reset for users works under the covers? Check out TechNet for more detailed documentation.
How end users can register for password reset
Once you configure the service to your liking, you can provide contact data for your directory users by using DirSync, PowerShell, or the Azure or Office Admin Portals. If you choose to provide the data yourself, make sure you include a country code and a + in the phone number, like this "+1 4251234567", so that we know how to reach you. The detailed documentation will give you more information about how you should format your phone numbers so that they work with our system.
In the case that you want your users to do this on their own, below is what they'll see when they come to the password reset registration portal. If you want to try it out yourself, you can access the registration portal by going to this link: https://aka.ms/SSPRSetup and logging in as a test user. Just make sure that you have SSPR enabled for that tenant, first.
Fig. 6: The password reset registration portal
Fig. 7: Verifying a phone number in the password reset registration portal
Users can register both their mobile phones and personal email addresses on this web page (see Fig. 6 and Fig. 7 above). They can then use this information to reset their passwords at a later time.
Fig. 8: Updating an existing phone number or email on the registration portal
Once they're configured, users can come back to this page later to update their contact info without having to bother you, the admin (see Fig. 8 above).
Fig. 9: Accessing the registration portal from the application access panel
Users can also access the registration page at a later time by clicking a tile on their profile page in the application access panel (see Fig. 9 above).
How end users can reset a password
When it comes time to reset a forgotten password, users can access the password reset portal by clicking the "can't access your account?" link at the bottom of any Organizational ID sign in page, or going directly to https://passwordreset.microsoftonline.com.
Fig. 10: Accessing the password reset portal from the sign in screen
Fig. 11: Starting the password reset process for a user
Once a user clicks on the link in Fig. 10 above, he or she will then be asked to enter a UserID and pass a captcha (see Fig. 11 above). Don't worry, we check to make sure all of their data is valid and that they meet your password reset security policies before sending them through the password reset process so that calls to your helpdesk are minimized.
Fig. 12: Performing the first verification step to reset a password
Fig. 12 illustrates what a user might see if they have self-registered a mobile phone number and an alternate email address, and have an office phone defined by their administrator. Notice that any customized branding you may have defined shows up on this page, too.
Fig. 13: Performing the second verification step to reset a password
As users go through the verification steps, the contact methods they've already used are removed, and they are left with only those options that are within policy and properly configured. In Fig. 13 above, you can see that because the user already used a mobile phone as his or her first contact method in Fig. 12, he or she doesn't have that as a verification option any longer.
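The gating described above can be modelled in a few lines. This is an added example, not code from the post or from Azure AD: the `ResetPolicy` class, the method names and the format patterns are hypothetical, and the phone check assumes only the "+1 4251234567" shape the post gives.

```python
import re
from dataclasses import dataclass

# Assumed format check, derived only from the post's example "+1 4251234567":
# a "+", a country code, a space, then the subscriber number.
PHONE_RE = re.compile(r"^\+\d{1,3} \d{4,14}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

@dataclass
class ResetPolicy:  # hypothetical model of the portal's security policy
    enabled: bool
    allowed_methods: frozenset
    required_methods: int  # one or two, as the policy allows

def usable_methods(policy, contact_data):
    """Methods that are within policy AND properly configured."""
    usable = []
    for method, value in contact_data.items():
        if method not in policy.allowed_methods or not value:
            continue
        pattern = EMAIL_RE if method == "alternate_email" else PHONE_RE
        if pattern.match(value):
            usable.append(method)
    return sorted(usable)

def can_start_reset(policy, contact_data):
    """Pre-check made before the user enters the verification steps."""
    enough = len(usable_methods(policy, contact_data)) >= policy.required_methods
    return policy.enabled and enough

def remaining_options(policy, contact_data, already_used):
    """Choices offered at the next step: a used method cannot count twice."""
    return [m for m in usable_methods(policy, contact_data)
            if m not in already_used]

# Constructed sample data (not from the post).
POLICY = ResetPolicy(True, frozenset({"mobile_phone", "office_phone",
                                      "alternate_email"}), 2)
USER_OK = {"mobile_phone": "+1 4251234567", "office_phone": "+1 4255550100",
           "alternate_email": "user@example.com"}
USER_BAD = {"mobile_phone": "4251234567",  # missing "+" and country code
            "alternate_email": "user@example.com"}

if __name__ == "__main__":
    print(can_start_reset(POLICY, USER_OK))
    print(remaining_options(POLICY, USER_OK, {"mobile_phone"}))
    print(can_start_reset(POLICY, USER_BAD))
```

With a two-method policy, the second user is stopped at the pre-check because the badly formatted phone number leaves only one usable method, which is the kind of provisioning error worth catching before rollout.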
Fig. 14: Contacting an administrator as part of the password reset experience
And, if any problem occurs, users can get in contact with your organization's helpdesk with a single click! As described in the "how to manage password reset portal behavior and appearance" section before, try overriding the link below to a custom URL or email address to give your users the best possible password reset experience.
How you can enable passwords to be written back to a local Active Directory
Another cool feature we've recently added allows you to write passwords that have been reset in the cloud back to an on-premises AD deployment. This means that if you are using federation or password hash sync, whenever your users come to reset their passwords in the cloud, those passwords will be written back to your local AD environment, too. What's even cooler is that this feature ships right along with DirSync, so if you are using DirSync, all you have to do is upgrade to the latest version and turn on the feature to get started!
Here are some of the highlights of this new feature:
- Supports resetting passwords for users using ADFS or other federation technologies. With writeback, as long as users are DirSync'd into your cloud tenant, they'll be able to manage their local AD passwords from the cloud.
- Supports resetting passwords for users using password hash sync. When the password reset service detects a user is enabled for password hash sync, we reset both her on-prem and cloud password simultaneously.
- Enforces your local AD and cloud AD password policies. When a user resets her password, we first ensure that it meets your local and cloud AD password policies before committing it to any directory.
- Doesn't require any new firewall rules. Password writeback uses an Azure Service Bus relay as an underlying communication channel, meaning that you do not have to open up any new ports on your firewall for this feature to work.
Password writeback is currently in public preview as part of the latest release of DirSync. Click here to learn more about how to download, install, and use it today!
Next Steps
Of course, this is just the beginning! We constantly strive to improve these services to make them better for you and your users. Here are some of the things we're working on for upcoming releases:
- Enabling write back of passwords when they are changed (not just reset).
- Enabling more contact / verification methods. Do you have one you'd like? Let us know!
- Allowing an administrator to choose whether or not users are required to register for password reset when they sign in from anywhere, not just the access panel.
To wrap things up, thank you for taking the time to read about password reset, and remember: we're always interested in hearing what you think! If you have any feedback for us – whether it be new feature requests, confusing aspects of the current experience, or something you really like – please do not hesitate to drop us a line on the Azure Active Directory forum on TechNet.
Source: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/deep-dive-password-reset-with-on-premise-sync-in-azure-ad/ba-p/243687