Forum Discussion
Office 365 Self-Service Password Reset without having Exchange Online?
Hi There,
We are trying to set up self-service password reset for our users residing in on-premises AD, but we do not have Exchange Online. Is it even possible for us to set up SSPR with Azure AD Connect without involving Exchange at all?
Hi, Exchange is not relevant to SSPR. As long as you are syncing your on-premises AD to Azure AD with Azure AD Connect, and you have licences as per https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-licensing then you should be good to go with this feature.
6 Replies
- HidMov Iron Contributor
Hi Johnv735
Yes, it is possible. If you want your on-prem users to be able to reset their passwords via the SSPR (i.e. Office 365 synchronises back to the on-prem AD) then you will need an Azure P1 licence for that user.
The SSPR included in the Free version of Azure AD does not write back to on-prem, it only changes the password in 365 - the next time Azure AD synchronises, that password is changed back to the AD password.
It is my understanding that Exchange Online is not a prerequisite for this. You may have seen this already, but this goes into a bit more detail about the functionality.
https://azure.microsoft.com/en-us/pricing/details/active-directory/
Hope this helps,
Mark
- Johnv735 Copper Contributor
Thanks for the reply! HidMov, here is the situation: we do have P1 licenses for users, but when I verify our custom domain in Azure from, let's say, xyz.onmicrosoft.com to xyz.com so that users can log in with their current email addresses, this poses an issue: Microsoft Teams stops treating "xyz.com" as an external address and will not allow an invite to be sent for the meeting. Is there a workaround for this, so that Office 365 does not treat xyz.com as internal? Any help will be greatly appreciated!!
Hi, if you add your xyz.com domain into your M365 tenant, which it seems you have, then this is going to be considered as an internal / accepted domain within your environment. I am curious to understand why you would wish it to be considered external?