How can we improve Azure Active Directory?

Make https://passwordreset.microsoftonline.com responsive design or app for password reset

It would be nice, if the passwordreset.microsoftonline.com looked great on a mobile device as well as on a PC. It isn't responsive and looks weird on a phone. You have to pinch to see the text and textboxes on the page.

Alternative Microsoft should consider integrating "Password Reset" / "Lockout" functionality in a new app or the existing Azure Authenticator app. This will notify the user about account lockout and also provide a way for the user to do a quick password reset a device. Of cause the user will need to answer a couple of questions, enter a pin or provide a fingerprint. I really like the fingerprint idea.

114 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Peter Selch Dahl shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

16 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Gregg Revak commented  ·   ·  Flag as inappropriate

    A link to SSPR within the Authentication app would be a great feature. This would be useful especially when a user is dealing with a compromised credential. Think of the use case where a user's O365 account has been compromised. MFA & the Authentication app help protect or even prevent access from unauthorized devices. But users have inadvertently clicked APPROVE in the Authentication app. So the ability to quickly get to the SSPR site will improve protection.

    Also as a separate suggestion (and I'll post this in the Authentication app section if it exists), the Approve/Reject popups in the app should contain more information so the user can tell what app and what IP is triggering the approval request.

  • AdminAzure AD Team (Product Owner, Microsoft Azure) commented  ·   ·  Flag as inappropriate

    Hi folks! Thanks for all of the great comments. We are still planning to release a mobile-friendly experience for self-service password reset.

    I also see a lot of requests for integration into the Microsoft Authenticator app. I would love to learn more about what that means to you. Do you want a link to password reset in the app?

  • Alain Vancoillie commented  ·   ·  Flag as inappropriate

    "Redesign" - does this mean "redesign the webpage", creating a new app or integrating the SSPR functionality into the ms authenticator app?
    Integration into the authenticator app, with the possibility for the admin to define that the authenticator app is the only place a user can use to reset the pswd would be great.

  • James Ellinidis commented  ·   ·  Flag as inappropriate

    User's having full control of their account on a trusted device is essential. See below for ideas:

    ======
    Design
    ======

    The initial screen would display the same 6 generated numbers as in the Microsoft Authentication App. Entering or tapping the 6 digits would allow the user to login as per normal.
    Below the 6 digits we would require their be either an Unlock and Reset button / Link which would then prompt the user to enter their network password on their trusted device.
    Once entered, the AD account would either unlock or display a form within the app where the user can reset their password.

    + User would have the ability to unlock and reset their password within an App
    + Once registered, the device would be on the users trusted device list and potentially would not require any other authentication.
    + Allowing users to unlock/reset their password anywhere / anytime
    + Should be able to sell/convince this to end users
    + If designed correct, MFA and SSPR would be within the same single app – 2 in 1 Solution.

  • Eduardo Menezes commented  ·   ·  Flag as inappropriate

    It is great news about the te-design. Please consider re-designing the captcha to a more user friendly option.

  • Joe Corley commented  ·   ·  Flag as inappropriate

    I like the addition of being able to simply unlock your account using the SSPR tool without having to perform a full reset. However this addition has caused some confusion for out employees. There are now two questions asked: “I forgot my password” and “I know my password, but still can’t sign in”. Our employees are saying "I know my password and just want to change it." I know changing their password is not really a reset type function, but providing this third option that links to https://account.activedirectory.windowsazure.com/ChangePassword.aspx would help eliminate this confusion. We have a multi domain environment and we are in the middle of combining them and currently we have a number of users that cannot use CTRL+ALT+DELETE to change their password from a windows machine. This third option will be of great help to us.

  • Peter_Stapf commented  ·   ·  Flag as inappropriate

    Nice to hear, would be great if there will be more custom branding possible in the future.
    What about an CORS based solution like in Azure AD B2C where customers can modify the UI with custom HTML/CSS ?

  • Stephen Dart commented  ·   ·  Flag as inappropriate

    Password reset would benefit hugely if it could be integrated into the Azure Authenticator App instead of using SMS, Call, or alternative mail.
    This would make one place for all MFA.
    Currenly without the Authenticator app use, we cannot implement pass reset.

  • Nick Fields commented  ·   ·  Flag as inappropriate

    Count me in on this, it would really help in our consideration to replace our on premise Password reset tools with Azure SSPR

  • Peter Selch Dahl commented  ·   ·  Flag as inappropriate

    Support for Windows Hello would also be nice for verification from tha Azure Authenticator for password reset

Feedback and Knowledge Base