Azure Active Directory 自助式密码重置的许可要求Licensing requirements for Azure Active Directory self-service password reset

为了减少用户无法登录到其设备或应用程序时的支持人员呼叫和生产力损失,可以为 Azure Active Directory (Azure AD) 中的用户帐户启用自助式密码重置 (SSPR)。To reduce help desk calls and loss of productivity when a user can't sign in to their device or an application, user accounts in Azure Active Directory (Azure AD) can be enabled for self-service password reset (SSPR). 构成 SSPR 的功能包括密码更改、重置、解锁和写回到本地目录。Features that make up SSPR include password change, reset, unlock, and writeback to an on-premises directory. 可在 Microsoft 365 商业标准版或更高版本以及所有 Azure AD Premium SKU 中免费使用基本 SSPR 功能。Basic SSPR features are available in Microsoft 365 Business Standard or higher and all Azure AD Premium SKUs at no cost.

本文详细介绍了可以许可和使用自助式密码重置的各种方法。This article details the different ways that self-service password reset can be licensed and used. 有关定价和计费的具体详细信息,请参阅 Azure AD 定价页For specific details about pricing and billing, see the Azure AD pricing page.

比较版本和功能Compare editions and features

SSPR 按用户许可。SSPR is licensed per user. 为了保持合规性,组织需要为其用户分配相应的许可证。To maintain compliance, organizations are required to assign the appropriate license to their users.

下表概述了需要进行密码更改、重置或本地写回的各种 SSPR 场景,以及哪些 SKU 提供此功能。The following table outlines the different SSPR scenarios for password change, reset, or on-premises writeback, and which SKUs provide the feature.

功能Feature Azure AD FreeAzure AD Free Microsoft 365 商业标准版Microsoft 365 Business Standard Microsoft 365 商业高级版Microsoft 365 Business Premium Azure AD Premium P1 或 P2Azure AD Premium P1 or P2
仅限云的用户密码更改Cloud-only user password change
Azure AD 中的用户知道自己的密码,并希望将其更改为新密码。When a user in Azure AD knows their password and wants to change it to something new.
仅限云的用户密码重置Cloud-only user password reset
Azure AD 中的用户忘记了自己的密码,需要对其进行重置。When a user in Azure AD has forgotten their password and needs to reset it.
带本地写回功能的混合用户密码更改或重置Hybrid user password change or reset with on-prem writeback
使用 Azure AD Connect 从本地目录同步的 Azure AD 中的用户想要更改或重置其密码并将新密码写回到本地。When a user in Azure AD that's synchronized from an on-premises directory using Azure AD Connect wants to change or reset their password and also write the new password back to on-prem.


独立的 Microsoft 365 基本和标准许可计划不支持具有本地写回功能的 SSPR。Standalone Microsoft 365 Basic and Standard licensing plans don't support SSPR with on-premises writeback. 本地写回功能需要 Azure AD Premium P1、Premium P2 或 Microsoft 365 商业高级版。The on-premises writeback feature requires Azure AD Premium P1, Premium P2, or Microsoft 365 Business Premium.

有关其他许可信息(包括成本),请参阅以下页面:For additional licensing information, including costs, see the following pages:

启用基于组或基于用户的许可Enable group or user-based licensing

Azure AD 支持基于组的许可。Azure AD supports group-based licensing. 管理员可以将许可证批量分配给一组用户,而不是一次一个用户地分配。Administrators can assign licenses in bulk to a group of users, rather than assigning them one at a time. 有关详细信息,请参阅分配、验证许可证和解决许可证问题For more information, see Assign, verify, and resolve problems with licenses.

某些 Microsoft 服务并非在所有位置都可以使用。Some Microsoft services aren't available in all locations. 将许可证分配给用户之前,管理员必须为该用户指定“使用位置”属性。Before a license can be assigned to a user, the administrator must specify the Usage location property on the user. 可在 Azure 门户中的“用户” > “配置文件” > “设置”部分下完成分配许可证 。Assignment of licenses can be done under the User > Profile > Settings section in the Azure portal. 使用组许可证分配时,任何没有指定使用位置的用户将继承该目录的位置。When you use group license assignment, any users without a usage location specified inherit the location of the directory.

后续步骤Next steps

若要开始使用 SSPR,请完成以下教程:To get started with SSPR, complete the following tutorial: