Implementing Self-Service Password Reset for Small Business: What Are My Options?

By
Anthony Fisher
-
0
8
Asked By TechWhiz42 On

I manage a small business with about 500 active users and we're currently using Office 365 E3 with security defaults enabled. We're not in a highly regulated industry, and we want to set up Self-Service Password Reset (SSPR). I'm wondering if relying solely on Microsoft Authenticator is a viable option for our users, as I've come across mixed opinions on this. While I understand that it's unlikely for someone to steal a user's unlocked phone, enforcing security measures like PIN or biometrics on personal devices seems unfeasible. I'm considering a combination of Microsoft Authenticator and an alternate email for recovery, but I'm also concerned about how many users might lose access. SMS seems less effective since they'd need access to the phone already. For our executive, finance, and HR teams, I'm debating whether to not use SSPR at all or provide them with hard tokens. What do you think?

3 Answers

Answered By SecureMeNow On

Since you’re using Office 365 E3, I really recommend steering clear of the default security settings. For your executive team, consider using physical security keys like YubiKeys instead of traditional passwords—it’s just safer all around.

Answered By UserHelp101 On

While you can enforce biometric unlocking for Microsoft Authenticator through Intune, I think for your situation, using Authenticator with an alternate email is sufficient. Users typically manage their backup emails fine. People who lose both won't get around it without calling tech support anyway. SMS as a backup can still help since phones can get lost or reset. And for your execs, it's best to avoid SSPR entirely—just handle password resets manually when they call.

Answered By TechSavant99 On

It's true that Microsoft Authenticator alone probably won't work for your needs unless something's changed recently. You should check the documentation for updated authentication methods. But since you’re on Office 365 E3 and not M365, you might have limited options.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.