Introduction to Azure AD in Microsoft 365

Name: How to configure users Self Service Password Reset SSPR step by step guide ! Advanced MS365 Course !
Uploaded: 2026-03-03T15:18:53.074929+00:00
Channel: Teach Me Cloud
Description: to Azure AD in Microsoft 365 Azure Active Directory, now called Microsoft Entra ID, is a cornerstone of Microsoft 365.

Teach Me Cloud

Mar 03, 2026

•

2 min read

YouTube video ID: Lu1VT13GvyE

Source: YouTube video by Teach Me Cloud — Watch original video

PDF

Azure Active Directory, now called Microsoft Entra ID, is a cornerstone of Microsoft 365. It hosts a wide range of services for managing mail flow, identity, and hybrid infrastructure. The AD Connect tool synchronizes on‑premises Active Directory objects to Azure AD, enabling seamless hybrid scenarios. Administrators can reach the Azure admin center through the shortcut URL intra.microsoft.com.

Managing Groups in Azure AD

Types of groups

Azure AD offers two primary group types:

Security Group – used for assigning licenses, delegating permissions, and applying policies across multiple users.
Microsoft 365 Group – works like a distribution list or shared mailbox, providing a collaborative workspace for its members.

Both types have built‑in equivalents similar to those in on‑premises Active Directory.

Member shipping types

Group membership can be defined in three ways:

Assigned – members are manually selected.
Dynamic User – users are automatically added when they meet a query‑based condition.
Dynamic Device – devices are automatically added based on query criteria, a useful method for enrolling devices in Microsoft Intune (for example, through Autopilot).

Licenses assigned to a group flow to every member, allowing administrators to provision software at scale.

Use cases

Assigning a Microsoft 365 license to a security group instantly grants that license to all its members.
Using dynamic groups to enroll devices simplifies Intune management and ensures compliance policies are applied uniformly.
Delegating administrative tasks to specific groups reduces the need for individual permission assignments.

Configuring Self‑Service Password Reset (SSPR)

Prerequisites

Multi‑Factor Authentication (MFA) must be enabled for each user who will use SSPR.
A Microsoft Entra ID P2 license (formerly Azure AD Premium P2) is required.

Steps to enable SSPR

Activate MFA for the target user (e.g., via the Microsoft Authenticator app).
Sign in to the Office portal as that user and complete the MFA setup.
In the Azure admin center, go to Users > All Users > Password reset.
Choose one of the three SSPR modes:
None – SSPR disabled.
Selected – SSPR enabled for users in a chosen group.
All – SSPR enabled for every user in the tenant.

User experience

After SSPR is turned on, users see a “Forgot my password” link on the sign‑in page. Clicking it launches a verification flow that leverages the previously configured MFA methods. Once verified, the user can set a new password. Changes to SSPR settings typically propagate within 5–10 minutes.

Hard Facts & Numbers

The shortcut URL for Azure AD services is intra.microsoft.com.
SSPR configuration changes require 5 to 10 minutes to become effective.

Takeaways

Azure Active Directory (Microsoft Entra ID) is the core identity service for Microsoft 365, offering tools like AD Connect and the Azure admin center (intra.microsoft.com) for hybrid management.
Security groups and Microsoft 365 groups let administrators assign licenses, delegate permissions, and apply policies, with membership options including Assigned, Dynamic User, and Dynamic Device.
Dynamic groups automatically add users or devices based on query criteria, enabling bulk license assignment and streamlined Intune enrollment via Autopilot.
Self‑Service Password Reset requires MFA and a Microsoft Entra ID P2 license, and can be enabled for none, selected groups, or all users through the Azure admin center.
After SSPR is configured, users can reset passwords from the sign‑in page, though the new settings may take 5–10 minutes to propagate.

Frequently Asked Questions

Who is Teach Me Cloud on YouTube?

Teach Me Cloud is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Azure Ad Guide Recommended

A concise book that explains Azure AD concepts, group management, and SSPR setup, helping readers apply the steps described.

Amazon →

Az‑104 Exam Ref

Covers Azure administration topics, including Azure AD integration and security, supporting the knowledge needed for managing groups and password reset.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

in last class of our Advanced Microsoft
365 course we discussed about how we can
manage the users and multi-factor
authentication with the help of azure
active directory as we know that as we
discussed before the Azure directory is
one of important uh topics related to
the Microsoft 365 because the Azure
active directory contain lots of
services those Services can help us to
manage our mailing related activity
because you know that if you plan to set
up your on-premises exchange you want to
make a hybrid infrastructure for mailing
services then again Azure activity come
into the picture if you want to
synchronize the users from on-premises
ad to Azure active directory then again
as your academic service or ad connect
tool can help us to manage our hybrid
infrastructure
so I'm going to move another topic
another important options which are
available on our Azure directed active
panel so in this class I am going to
give you the complete information about
the groups because we discussed only
about the users so I'm going to give you
the complete information about groups
and also we'll discuss about sspr
service
so let's move ourselves to the portal
and discuss about the procedure and
concept of these two important point I
am anjit your online instructor and
please do subscribe your on teach me
Cloud YouTube channel because teach me
cloud is a single Technical Training
based YouTube channel that give you 100
Life practical ways with you without
skipping any step
so I'm going to open or I'm just going
to log in our Office 365 portal right
and then show you the steps how we can
manage the users and uh what we can say
that users and
groups and sspr services
let me open the Azure admin center right
we just need to open the Azure admin
Center this is Microsoft 365 admin
Center and just need to click on
identity as we know that Microsoft
updated Microsoft did lots of changes
over over 365 portal now we are able to
see the entire options related to the as
directed active ID by using
intra.microsoft.com so this is the URL
shortcut URL that help us to access that
help us to access our Azure directed
active related services
fine so this is the panel let me click
on the users and we have already created
multiple users in previous class we
created Azure gcp support three
different users are available on our
Azure acted active panel so I'm going to
create group and let's talk about how
many types of groups are available in
Azure active directory and why we need
to create group uh uh in in case of
production environment so we just need
to click on the groups
all groups and it will redirect you on
the page of groups and we are able to
find n number of yes n number of groups
are are already available means these
groups are considered as a built-in
group right so you can consider like as
a in case of on-premises active active
domain Services we are able to find the
group option and built-in group all also
available that we can use for the
delegation Services as it is n number of
groups are available that we can use for
the delegation for Microsoft 365
Services let me create new group click
on new group and this is the type of
group you just need to select here and
we are able to find security and
Microsoft 365. so as per the name
suggests the meaning of security
if you want to assign the license if you
want to create a group for the
delegation purpose you want to create a
policy and apply the same policy to
multiple users so you always proceed
with security group and put the users in
Security Group and assign the same
policy and it will impact to the entire
users that you added in the security
group Microsoft 365 group so basically
the work of Microsoft 365 group like as
a DL distribution list and you want to
say create a shared mailbox so we always
proceed with the Microsoft 365 group
right so let me create a one group One
Security Group demo
hyphen group okay this is the group name
that I'm planning to create and here we
are able to find member shipping types
so yes we are able to find three
different option one is assigned and uh
another is dynamic user and another is
dynamic devices so the meaning of
dynamic user Dynamic user in the sense
like as the user that you want to select
with the help of query query in the
sense you just need to click here it
will redirect you on the page of query
where where we need to provide the
extension for the query
right so Dynamic user you just need to
create a list and uh it's a it's a kind
of pool you can say that and and number
of users are available in the pool uh
automatically be a part of our group
as it is if you select the dynamic
device so basically the dynamic device
query you need to execute if you want to
enroll multiple devices over a Microsoft
3 a Microsoft InTune portal so basically
uh which is considered as autopilot if
you want to enroll your devices with the
help of autopilot so definitely by using
this particular extension uh we are able
to express and basically ah we are able
to add about multiple devices
but I'm going to proceed with the
assigned when we select the option of
assigned it means that you are
authorized to select your own user that
you have so in our case we created gcp
right so one gcp another Azure so let me
add two different user and make it
member of our group
we successfully proceed and create one
group and now why we need to do that as
we discussed before if you want to
assign the license to multiple user at a
time and you want to enroll any kind of
devices with the help of our group so
that time we can create a we can we can
use the group option
let me open the properties we just
created so you have to wait for few more
seconds
right we just created our group so I'm
just going to refresh the page and try
to refresh right try to search our group
demo group open it what you want to do I
want to assign the license for this
particular group then the same license
you will find to the entire users which
are available in the particular group
click licenses and select assignment
which license you want to assign this is
365 license and this one is Mobility
Plus security E5 which is applicable for
the Microsoft InTune services
I am going to assign and save it right
so once you assign the license to our
group the entire users that you added in
this particular group they all are able
to access the same Services which are
available in the license
so guys this is the way that we can use
to configure the group over Azure active
directory and now we need to understand
about the sspr self service password
reset so as for the name such as the
meaning of self-service password reset
means users are able to reset their own
password
but make sure you have an idea about the
prerequisites so for example in our case
we have already created multiple users
this is our gcp user so I'm going to
activate the sspr service for this
particular user so what are the
prerequisite you must need to know about
the prerequis is to configure the sspr
the prerequisites are user must contain
their multi-factor authentication you
must need to configure MFA for the user
and P2 license yeah the mandatory thing
you must need to activate the P2 license
go to the billing and we have already
discussed click on the licenses part
click all products and click try or buy
and we just need to activate Microsoft
intra ID P2 and activate it
I have already used it so I'll already
activated this particular
P2 license so that's why we are unable
to access it again
so now these all are the prerequisites
to configure sspr one is multi-factor
authentication and another is uh you
need to activate the P2 license
so I think we could be the prerequisite
let me check I'm going to create new new
user to configure sspr service so new
user I am going to create with name of
telnet okay
and display name is also telnet
account enabled and let me create my own
password
fine no need to do anything tell it at
the rate teach me cloud.net and create
we successfully activated the we
successfully created the new user and
our responsibility to configure sspr
service for this particular account this
particular username
but before that as we discussed before
you must need to activate yes you need
to activate the multi-factor
authentication for this particular user
to activate MFA
go to the three dot per user MFA
and
select your user to activate MFA telnet
and enable it this is mandatory if you
want to set up multi-factor
Authentication
now open incognito wizard right
office.com
and I'm going to log in I'm going to
sign in office.com with the help of
telnet user telnet at
teach me cloud.net
and provide passwords
it's mandatory to configure multi-factor
authentication if you want to set up the
sspr service it's mandatory to manage
our multi-factor Authentication
so you need to use the tool of Microsoft
authenticator app I'm just going to scan
it and it will provide you
six digit code and the code will help
you to
activate your MFA
okay we successfully activated the
multi-factor Authentication
provide new password
multi-factor authentication
automatically sorry successfully
activated and our responsibility to
configure sspr service so as for the
name suggests sspr in case of sspr user
can change their own password means no
need to coordinate with the
administrator users are able to manage
their own password
multi-factor authentication configured
successfully for telnet user and now
let's talk about the sspr how we can
manage very simple step that you need to
use to configure sspr service back to
our root account right so I'm just going
to open our root account this is the
root account panel and to activate sspr
service what you need to do we just need
to open users all users under the all
users we are able to find password
receives right whenever we click on the
password reset it will redirect you on
the page of sspr and we have three
different options are available in sspr
panel Self Service password reset
enabled
selected are all are none right think
about it none in the sense you haven't
you don't want to use the sspr service
you don't want to configure the sspr
service
for selected it means that we don't have
option to select individual user you
always proceed with the a group means
you need to attach the group in this
particular icon and then save it
if you want to activate sspr service for
entire users that we have the number of
employees that the number of email IDs
that you created in this particular
account we just need to click all and
save it that's it this is the way that
you can activate sspr service and now
the user that you just created with name
of telnet the telnet user able to reset
their own password
sometime it will take time like as you
have to wait up to
5 to 10 minutes
yeah five to ten minutes within five to
ten minutes you you are able to get a
impact of sspr service how we can do
that we just need to click on sign in
and as we discussed I am I forgetted the
password for telnet user so you just
need to find one option you will find
one option for getting my password you
need to click here and provide the
code that you are able to find HC as
something this is the captcha or to
generated capture that you need to
provide
and proceed to next right so by using
this particular method we are able to
reset our password the users can reset
their own password
I hope everyone able to understand about
the procedure how we can manage the sspr
and create groups over Office 365 portal
using Azure acted directly so that's it
guys we'll connect soon in another
session and discuss about hybrid how we
can synchronize the users from
on-premises cd2 as United active so
let's connect tomorrow and discuss more
about Advanced Microsoft
365 post take care guys bye bye and do
subscribe here on teach me Cloud YouTube
channel bye guys