It’s a trope in IT circles: users forget their passwords. The greater your scale, the more time this can occupy with tickets, service desk calls, and so on. If you use Microsoft Entra ID (previously Azure Active Directory), self-service password reset (SSPR) is a capability that can help reduce this overhead. SSPR offers a user-driven, admin-less approach: users verify that they are authorised to reset a forgotten password, then do so themselves.

Administrators and security teams can understandably and rightfully be cautious about enabling SSPR. It’s a very useful service, so this blog covers five common mistakes you’ll want to avoid, based on what I’ve seen during tenant assessments.

This blog is part of a series on common Microsoft 365 security mistakes. View the previous blogs here:

Mistake #1

text

Mistake #2

text

Mistake #3

text

Mistake #4

text

Mistake #5

text

Conclusion

text