I'm looking for advice on password reset tools for remote users, especially since we recently let our Netwrix Password Reset Portal license expire due to unwanted bundled features. We're also moving away from client VPNs since our retail user base struggles with them. Ideally, we want something that's really easy for non-tech savvy users. We're considering Microsoft's Self-Service Password Reset (SSPR) but have had mixed results in past tests. I'd love to hear your experiences and any recommendations you might have!
7 Answers
Are you using M365 and possibly password writeback to AD via Entra Connect? It’s crucial to ensure everything is set up correctly first before jumping on Microsoft SSPR. We switched a client to Entra Cloud Sync, and it's been great for data syncing!
Microsoft SSPR is pretty much the most straightforward option out there. Just remember to activate the writeback settings if you’re on a hybrid setup!
I’m curious too, what issues did you face with Microsoft SSPR?
If dealing with Microsoft setups is anything like Authenticator, I totally get the frustrations! The app just seems to have so many quirks that confuse users. Like, why does it tell you to download it when you're already using it?
In a hybrid setup, you can let users change their passwords via Microsoft or with a simple CTRL + ALT + DELETE, plus you can automate password expiry alerts for everyone.
If you’re on Entra ID or doing hybrid syncing with your on-prem AD, SSPR can work really well! The tricky part is getting users to enroll properly. Once they’re set up, most folks have a smooth experience with it.
Just make sure to have users signed up for Microsoft Authenticator, and you should be golden.
We moved everyone to Entra joined laptops, and self-service resets through MFA or SSPR have been super easy for them.
We use an always-on VPN that allows pre-login, along with SSPR, which has worked well for us!
We found that enforcing the initial password change during the first browser login was hit or miss. It worked once, which gave us hope! One tip we discovered was that new users need their mobile numbers added right away to set up two-factor authentication easily.