Forum Discussion
Azure AD self-service password reset - Group (SSPR)?
Hi, does anyone know what kind of group(s) are valid here? Synced Universal/Global Security Groups seem to work, but how about subgroups or an Azure Dynamic Secure group?
The documentation of SSPR said "Only members of a specific Azure AD group that you choose can use the SSPR functionality".
- Pablo R. Ortiz (Steel Contributor)
Any Group in Azure AD. This also applies to Dynamic Groups, because the dynamic property applies to the membership type, not the Group itself.
When you go to Azure > Password Reset you see three options: None, Selected, and All. With All you enable SSPR for all users, but with Selected you can select specific groups from your AAD directory.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-best-practices
- William Steele (Copper Contributor)
@Pablo R. Ortiz The problem is you can only select ONE group :-(
- steve_elliott (Brass Contributor)
We took the approach of using a dynamic security group, with the members populated based on the fact that a user had an EMS licence assigned (licence requirement for SSPR with AD writeback).