Enable SSPR to reset Windows cached credentials
It's great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since it's definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we see and is vital we get addressed. As it stands we'll have to look for third-party tools to assist us.
Hey folks! Thank you for your feedback. We are reviewing this ask and will keep you up to date on our findings. We have also added information about this limitation in our documentation. Thank you!
Other programs already do this. If 3rd parties have figured it out, surely Microsoft can do this as they made the operating systems.
As juju said, this is a major caveat.
If a user's password expires, there is no way to log back into the device.
Any update on this request? This is really a must-have...
Hybrid AAD joined computers + COVID19 = SSPR cannot be easily used...
The SSPR also should be able to reset the cached password on the mobile user's laptop or other devices as well.
We are unable to use SSPR until this is fixed
And again... SSPR without cached credential change keeps on making your home use of your company controlled device unusable... Please provide a solution Microsoft!
Dave Morin commented
Any update, in evaluation since 2018. We would really need this.
This is a much needed feature especially given the situation in the world. Can we get an update on this please?
Any further updates on this? Listed as under review in December 2018. How long could this take to review?
Any update? We can't find any updates around SSPR specifically.
@Azure AD Team (Product Owner, Microsoft Azure) any update?
Alex Wilhelmsen commented
This case is listed on Azure AD top 5 ideas. This is not an idea but an operational problem. I would guess thousands of users out there have this problem. With Covid-19 you can multiply it with 19. In my company we get users with them weekly even if we are not meeting any of the general limitations. For a non-specialized IT person these incidents make no sense. Case has been reported to support again, cannot wait another 18 months for a case to be reviewed.
Any updates on this from Microsoft? Last note on the case is from 2018...
We would love to have this. We have to have people change their password twice, once through SSPR or IT and then CTRL-ALT-DEL.
Jurgen Kusel commented
Struggling to believe that this hasn't been implemented yet. Live accounts seem to be able to do this - surely that means that full paying customers would have equal or greater implementation.
Agree with others, with the covid situation this is a timebomb which is about to explode.
Shane Farmer commented
ManageEngine can do this now. Why not MS? I would like to move away from ManageEngine due to costs, but they provide so much from a functionality standpoint.
Please provide an update. This is really critical, especially at times like this where the whole world is WFH now. And password reset is one of the biggest pain points off the network.
With Covid-19 the world has gone remote at zero notice. The cached password has been a major headache for my entire IT career.
Right now we are empowering the fight back against Covid-19 and Office 365 Teams is a massive help.
Microsoft please fix the remote cache issue.
I don't think it would be too problematic or cumbersome for developers at MS.
Azure AD Connect uses a password agent which confirms password change. It would be great to have that also send a new Kerberos token for updating cached credential.
I believe MS has shell hooks which let you do that. Windows 10 can easily support it with minimal changes in hybrid join topology.
Danny C commented
We need this feature, other products already have it. Let's go!