Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Enable SSPR to reset Windows cached credentials

In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we see and is vital we get addressed. As it stands we'll have to look for third party tools to assist us.

470 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Simon hoddinott shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

57 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Hey Microsoft. The folks at DXC are getting more and more customers with this exact issue as more customer attempt to adopt the Hybrid Azure AD version of modern. So unless Microsoft want to see the Modern story tainted with the most basic of IT support use cases, I suggest a more rapid development of a solution. Thanks

  • ll commented  ·   ·  Flag as inappropriate

    2,5 years later and nothing.... So sad how MS handles some ""killer features" that should be already implemented.

  • Anonymous commented  ·   ·  Flag as inappropriate

    In the smartworking era this feature is a "must have".
    Having one identity with two passwords is wrong.

    Windows Hello for Business seems not to completely resolve the problem because it should require Domain Controller connection to enroll the tool (so being in LAN for hybrid joined windows 10 devices).

    Thanks

  • jd commented  ·   ·  Flag as inappropriate

    Can Windows Hello for Business help with this?

    "Windows Hello for Business supports user self-management of their PIN. If a user forgets their PIN, they have the ability to reset it from Settings or the lock screen"

    Does that need a VPN tunnel to check the password as part of the process?

  • Hansell, Derek commented  ·   ·  Flag as inappropriate

    Almost 2 years without an update. Teams has plenty of devs - maybe shift some back to the Identity side of the house?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Any update on this feature? With COVID this is more of an issue with more and more remote workers that don't have line of sight to DCs.

  • Michael K commented  ·   ·  Flag as inappropriate

    Microsoft. C'mon guys! Please, get this rolling. I can't believe this wasn't included with the original SSPR rollout. If AAD DS can sync password/user info it should be able to sync kerberos tickets and update the local password as well.

  • Sal commented  ·   ·  Flag as inappropriate

    I am not sure why this is so difficult for Microsoft. Just like others have pointed out other companies have figured out how to do this. I guess i will renew my subscription to ADManager since Microsoft cannot figure out how to integrate their own platforms

  • Adam Smith commented  ·   ·  Flag as inappropriate

    Hi Guys, great idea and works great - to that point where it doesn't work. Please put this in

  • Chris commented  ·   ·  Flag as inappropriate

    Other Programs already do this. If 3rd parties have figured it out, surely Microsoft can do this is they made the operating systems.

  • Samir commented  ·   ·  Flag as inappropriate

    As juju said, this is a major caveat.

    If user password expires there is no way to log back into the device.

  • Anonymous commented  ·   ·  Flag as inappropriate

    The SSPR also should be able to reset the cached password on the mobile users laptop or other devices as well.

  • Hbaele commented  ·   ·  Flag as inappropriate

    And again... SSPR without cached credential change keeps on making your home use of your company controlled device unusable... Please provide a solution Microsoft!

← Previous 1 3

Azure Active Directory: Self-Service Password Reset

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice