Great tutorial! Notice your phone is not completely blurred on all video. I don’t know if you can send me a PM I’ll send you the exact time if you can’t find it.
Few other small q , What is SSPR capability to integrate with ITSM tool? I would like each reset of the user should be recorded as a ticket in ITSM.? In a scenario, where we have smart card authentication and if a user forgets or lost his smart card, how SSPR can help at GINA Prelogin screen?
I don’t know of a direct integration of SSPR with ITSM or smart card Auth. Smart cards are a very different authentication system, which Azure AD does not do directly. You need ADFS or a KDE Proxy. As for ITSM, Azure alerts DO integrate, however I am not sure if you can alert on a user changing their password. See what data is in the AzureAD alerts or activity logs.
Firstly another fantastic video, I have learnt so much from watch these thank you…I have a question: If the registration feature is enabled after enabling SSPR will the existing users receive an authentication prompt to register and how will this impact them?
Yes you can. SSPR allows users to reset their passwords not AADDS. However the way you get the password to reset in AADDS just takes time. You will reset the password in Azure AD Then when the next sync from Azure AD to AADDS happened the password will be updated.
If you have a local account on a laptop...no it won’t. If the account is an AD account then the next time the laptop connects to the network the password would be updated but until then it will not be updated
@@AzureAcademy When its Password write back, then why Azure AD won't write back the password on its own to OnPrem AD, why there is a need to have computer connected to VPN? Secondly wats the usual replication time from Azure AD to OnPrem AD while writeback?
Azure AD WILL write the new password to the domain controller, but that change will not get registered to your laptop until you are connected...remember you asked about a laptop and you also said that you don't have access to the company network or VPN. So Password writeback will send the update to the domain controller but that update will not sync down to your laptop because you are not connected. Once you connect to the network or VPN network the sync will complete.
Thank you for getting back so my question is without enabling self service password can the global administrator reset the password using SSPR url ? I see it is enabled by default for administrators but when I tried resetting password using SSPR url it is telling SSPR is not enabled I hope this clarifies what I am looking for
@@AzureAcademy what should a global administrator should do to reset his own password using SSPR url without enabling this feature ?Do they need to enable MFA or the feature should be on even for global administrators?
No, global admins can do password resets directly or issue password resets to users but SSPR only works for the user that is requesting it…and for that it must be enabled
Thumbs up for Mr Snover! Clear video, thanks!
👍👍
Putting this in tomorrow. Thanks again! Amazing content
Awesome! Let me know how it goes
Thanks for the vid. Looping forward for the next topic/vid.
Thanks!
Great tutorial! Notice your phone is not completely blurred on all video. I don’t know if you can send me a PM I’ll send you the exact time if you can’t find it.
I think I blurred them out now...thanks!
Thank you, it's a really cool feature!
Time and Money saver...what’s not to love!
Shazam 😎👍😁🌲 ,....savings🙈 piles of Money 💸🎅😳😁... Dean superfunny guy.... you made my day again 🍺
👍👍
Awesome
Thanks for sharing
👍👍
I don't know who Jeffery is, but I just like to give you a Thumb Up.
Thanks! Also look up Jeffrey Snover...I bet he has impacted your career, and you probably use something he invented every day 😳
Few other small q ,
What is SSPR capability to integrate with ITSM tool? I would like each reset of the user should be recorded as a ticket in ITSM.?
In a scenario, where we have smart card authentication and if a user forgets or lost his smart card, how SSPR can help at GINA Prelogin screen?
I don’t know of a direct integration of SSPR with ITSM or smart card Auth. Smart cards are a very different authentication system, which Azure AD does not do directly. You need ADFS or a KDE Proxy. As for ITSM, Azure alerts DO integrate, however I am not sure if you can alert on a user changing their password. See what data is in the AzureAD alerts or activity logs.
Missed live
Sorry to hear that...but you always catch the video ☺️
Firstly another fantastic video, I have learnt so much from watch these thank you…I have a question: If the registration feature is enabled after enabling SSPR will the existing users receive an authentication prompt to register and how will this impact them?
Yes they will, the next time they go to log in. That is the only impact
Thank you for the swift response, I can now add this to my document for the end user process before enabling 👍
Awesome
very informative thanks.. do we need to have MFA enabled for users as a pre-req before settings up sspr so they get text / calls?
No you don’t have to have MFA, but it is highly recommended
How SSPR is different from tools like Courion? Can we also configure SSPR to reset apps based passwords? Pls highlight few differences.
I gave not used Courion, so I could not say.
No on the Azure AD App based passwords SSPR is for humans only.
Are you able to configure SSPR if AADDS is utilised? Thanks for the continued content, Azure Academy has been a great help to my learning.
Yes you can. SSPR allows users to reset their passwords not AADDS.
However the way you get the password to reset in AADDS just takes time.
You will reset the password in Azure AD
Then when the next sync from Azure AD to AADDS happened the password will be updated.
@@AzureAcademy That's great. Thanks for the reply!
anytime
Jeffrey Snover created powershell.
There it is!
Will password write back will update user’s password on his laptop when user is remote and don’t have access on company network (not even VPN) ?
If you have a local account on a laptop...no it won’t.
If the account is an AD account then the next time the laptop connects to the network the password would be updated but until then it will not be updated
@@AzureAcademy When its Password write back, then why Azure AD won't write back the password on its own to OnPrem AD, why there is a need to have computer connected to VPN? Secondly wats the usual replication time from Azure AD to OnPrem AD while writeback?
Azure AD WILL write the new password to the domain controller, but that change will not get registered to your laptop until you are connected...remember you asked about a laptop and you also said that you don't have access to the company network or VPN.
So Password writeback will send the update to the domain controller but that update will not sync down to your laptop because you are not connected. Once you connect to the network or VPN network the sync will complete.
I see this feature is enabled by default to Global administrators but how to verify this they have SSPR enabled do we need to enable MFA to test ?
I show how to enable and test in the video…not sure what you are asking?
Thank you for getting back so my question is without enabling self service password can the global administrator reset the password using SSPR url ? I see it is enabled by default for administrators but when I tried resetting password using SSPR url it is telling SSPR is not enabled I hope this clarifies what I am looking for
@@AzureAcademy what should a global administrator should do to reset his own password using SSPR url without enabling this feature ?Do they need to enable MFA or the feature should be on even for global administrators?
No, global admins can do password resets directly or issue password resets to users but SSPR only works for the user that is requesting it…and for that it must be enabled
The feature either is enabled or not
However you can enable the feature and then enable it for certain groups I showed this at 1:35 in the video
Jeffery is PS inventor ....who says make it so for declerative or ps dsc 🤪😜
😎