How can we improve Azure Active Directory?

← Azure Active Directory

Enable SSPR to reset Windows cached credentials

In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we see and is vital we get addressed. As it stands we'll have to look for third party tools to assist us.

247 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Simon hoddinott shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

38 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Adam commented  ·   ·  Flag as inappropriate

    This is a much needed feature especially given the situation in the world. Can we get an update on this please?

  • Pab commented  ·   ·  Flag as inappropriate

    Any further updates on this? Listed as under review in December 2018. How long could this take to review?

  • Alex Wilhelmsen commented  ·   ·  Flag as inappropriate

    This case is listed on Azure AD top 5 idea's. This is not an idea but an operational problem. I would guess thousand of users out there has this problem. With Covid-19 you can multiply it with 19. In my company we get user with them weekly even if we are not meeting any of the general limitations. . For a non-specialized IT person these incidents makes no sense. Case has been reported to support again, cannot wait another 18 months for a case to be reviewed.

  • Anonymous commented  ·   ·  Flag as inappropriate

    We would love to have this. We have to have people change their password twice, once through SSPR or IT and then CTL-ALT-DEL

  • Jurgen Kusel commented  ·   ·  Flag as inappropriate

    Struggling to believe that this hasn't been implemented yet. Live accounts seem to be able to do this - surely that means that full paying customers would have equal or greater implementation.

    Agree with others, with the covid situation this is a timebomb which is about to explode.

  • Shane Farmer commented  ·   ·  Flag as inappropriate

    ManageEngine can do this now. Why not MS? I would like to move away from MangeEngine due to costs, but they provide so much from a functionality standpoint.

  • shreyance commented  ·   ·  Flag as inappropriate

    Please provde update.. this is really critical specially at times like this where the whole world is WFH now. And password reset is one of the biggest pain point off the network

  • Anonymous commented  ·   ·  Flag as inappropriate

    Covid-19 the world has gone remote at zero notice. The cached password has been a major headache for my entire IT career.

    Right now we empowering the fight back against covid-19 and Office 365 Teams is a massive help.

    Microsoft please fix the remote cache issue.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I don't think it would be too problematic or cumbersome for developers at MS.
    Azure AD connect uses a password agent which confirms password change. it would be great to have that also send a new kerberos token for updating cached credential.
    I believe MS has shell hooks which let you do that. Windows 10 can easily support it with minimal changes in hybrid join topology.

  • Ben commented  ·   ·  Flag as inappropriate

    With the actual crisis its a must. You need to make this work Now or at least a preview

  • Hbaele commented  ·   ·  Flag as inappropriate

    Seems to be still under review? Ia m currently involved in a pilot project for a large customer (10000 users) and one of the pain points is indeed the update of the cached credentials...

  • Anonymous commented  ·   ·  Flag as inappropriate

    Any kind of update or changes planned for this? We would like to use SSPR at the login screen and this reduces it's usefulness considerably for remote folks.

  • Stergiou VA (Vasilis) IT commented  ·   ·  Flag as inappropriate

    Any update on this? It seems strange that complementary solutions like ManageEngine ADManager Plus can do that. Lack of cached password update erodes the whole benefit of Azure SSPR.

← Previous 1

Azure Active Directory: Self-Service Password Reset

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice