How can we improve Azure Active Directory?

← Azure Active Directory

Enable SSPR to reset Windows cached credentials

In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we see and is vital we get addressed. As it stands we'll have to look for third party tools to assist us.

385 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Simon hoddinott shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

52 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • jd commented  ·   ·  Flag as inappropriate

    Can Windows Hello for Business help with this?

    "Windows Hello for Business supports user self-management of their PIN. If a user forgets their PIN, they have the ability to reset it from Settings or the lock screen"

    Does that need a VPN tunnel to check the password as part of the process?

  • Hansell, Derek commented  ·   ·  Flag as inappropriate

    Almost 2 years without an update. Teams has plenty of devs - maybe shift some back to the Identity side of the house?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Any update on this feature? With COVID this is more of an issue with more and more remote workers that don't have line of sight to DCs.

  • Michael K commented  ·   ·  Flag as inappropriate

    Microsoft. C'mon guys! Please, get this rolling. I can't believe this wasn't included with the original SSPR rollout. If AAD DS can sync password/user info it should be able to sync kerberos tickets and update the local password as well.

  • Sal commented  ·   ·  Flag as inappropriate

    I am not sure why this is so difficult for Microsoft. Just like others have pointed out other companies have figured out how to do this. I guess i will renew my subscription to ADManager since Microsoft cannot figure out how to integrate their own platforms

  • Adam Smith commented  ·   ·  Flag as inappropriate

    Hi Guys, great idea and works great - to that point where it doesn't work. Please put this in

  • Chris commented  ·   ·  Flag as inappropriate

    Other Programs already do this. If 3rd parties have figured it out, surely Microsoft can do this is they made the operating systems.

  • Samir commented  ·   ·  Flag as inappropriate

    As juju said, this is a major caveat.

    If user password expires there is no way to log back into the device.

  • Anonymous commented  ·   ·  Flag as inappropriate

    The SSPR also should be able to reset the cached password on the mobile users laptop or other devices as well.

  • Hbaele commented  ·   ·  Flag as inappropriate

    And again... SSPR without cached credential change keeps on making your home use of your company controlled device unusable... Please provide a solution Microsoft!

  • Adam commented  ·   ·  Flag as inappropriate

    This is a much needed feature especially given the situation in the world. Can we get an update on this please?

  • Pab commented  ·   ·  Flag as inappropriate

    Any further updates on this? Listed as under review in December 2018. How long could this take to review?

  • Alex Wilhelmsen commented  ·   ·  Flag as inappropriate

    This case is listed on Azure AD top 5 idea's. This is not an idea but an operational problem. I would guess thousand of users out there has this problem. With Covid-19 you can multiply it with 19. In my company we get user with them weekly even if we are not meeting any of the general limitations. . For a non-specialized IT person these incidents makes no sense. Case has been reported to support again, cannot wait another 18 months for a case to be reviewed.

← Previous 1 3

Azure Active Directory: Self-Service Password Reset

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice