If you worked in a help desk at all, one of the sore spots of working in a help desk is password reset. Now, this is probably one of the areas that's also a runaway cost. Microsoft has brought us a solution, and it's called the self-service password reset. Now, this gives the user the ability of resetting their own passwords in Azure, this will help to lower the total cost of ownership of the help desk. Now, this does require that you have an E3 M365 license, Microsoft 365 license, or a P1 add-on purchase. Also requires that if you have a hybrid connection or configuration with a connection to your on-premises environment, then you'll need to enable the password write back on the Azure AD Connect. We'll be talking about this later on. So back in the portal, we go in and look at the password reset. So we need to go into our Users. Once we're into Users, then we go into Password reset. Now you have the option of implementing the self-service password reset. So you can do a "Selected", which you can do based on groups, or you can do an "All". Once you've set this up, as you go ahead and save this, then we go and look at the authentification methods. So the authentification methods, we can do one or two of them. So we can do a mobile app code, we can do e-mail, mobile phone, office phone, security questions. Now, if we select the security questions, then we can say how many do we require them to be able to create and then once they go to reset their password, how many do we want to have them actually answer? So we can do 3, 4, 5. So the max is five that we need them to create, and five that we can use to identify them. Then we have the Registration and "Require users to register when signing in?" Yes or No. The number of days before users are asked to confirm their authentication information. Then we have the Notifications, notify users on their password resets, or notify admins when the password has been reset? Then we can customize it. We can customize the help desk link. So that way we can redirect them to a page that we create. We have the on-premises integration, and this is where we'd have to put in password write back. So right now I don't have an Azure AD Connect installed and having password write back, if I did, then I'd be able to implement password write back. Then we have our Audit logs. So that way we can keep track of when people have made their changes and you can see there's a failure here. So we can look at UserManagement and who it was and so forth, and this gives us the ability to be able to track it. So the User Principal Name and who the individual was. Then we have our Usage & Insights. So this tells us the users registered for multi-factor authentication, self-service password reset level, and also self password reset and then we have some troubleshooting that can help us be able to resolve any problems that may have occurred. Azure AD gives you the same ability of joining objects to it, like Active Directory, it does not require a hybrid connection. There are companies that start off with Microsoft 365 and decide that they want to have their employees to be managed by Intune. You can do this by connecting the device to Azure AD, this will allow you to manage the device in the Cloud. Now you can also do co-management if you have a hybrid environment, and this requires that you are using SCCM, which is System Center Configuration Manager, in your on-premises environment. Now, there are some benefits of doing this. You can use Windows 7, 8, and 10 devices, you can also support BYOD devices, and you'll be able to separate your corporate data from the personal data. Now, this does require you have a P2 license, which is available with your E5 or EMS E5 or as an add-on. So I'm back in the portal, so I'm going to go ahead and go into my Azure Active Directory, and under here I have my devices. So you can see there's a lot of devices that are currently connected. So I can see exactly who it is, I can click on the "Devices" and be able to see what they are. So I have a Windows Phone, and there's the information on the device and so forth and what I can do is I can disable this device or delete it. Let's go back. So what I can do is I can click on it and I can disable it, I can delete it, and if I have a connection within Intune, I can do all kinds of different things like break up the corporate data from the personal data. So that way if I want to wipe the device, I can wipe it without deleting the personal data and just delete, like I said, the corporate data. So it helps us to be able to manage our devices better.
