Self-Service Password Reset. You can use MFA to verify your identity to reset a password and those MFA methods can be predefined by admins.
So you can allow user to reset their initial passwords using SMS OTP and some another factor such as location (approved public IP ranges at offices for example)
I have to admit I have not implemented or even seen SSPR configured for initial password before, but this talk actually made me want investigate it further. Lab project for the weekend!
I’ve heard of SSBL; Single Sign on Before Log on, but I’ve never heard of SSPR what’s that one do?
Self-Service Password Reset. You can use MFA to verify your identity to reset a password and those MFA methods can be predefined by admins.
So you can allow user to reset their initial passwords using SMS OTP and some another factor such as location (approved public IP ranges at offices for example)
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
I have to admit I have not implemented or even seen SSPR configured for initial password before, but this talk actually made me want investigate it further. Lab project for the weekend!