How can we improve Azure Active Directory?

← Azure Active Directory

Enable SSPR to reset Windows cached credentials

In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we see and is vital we get addressed. As it stands we'll have to look for third party tools to assist us.

287 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Simon hoddinott shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

44 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Chris commented  ·   ·  Flag as inappropriate

    Other Programs already do this. If 3rd parties have figured it out, surely Microsoft can do this is they made the operating systems.

  • Samir commented  ·   ·  Flag as inappropriate

    As juju said, this is a major caveat.

    If user password expires there is no way to log back into the device.

  • juju commented  ·   ·  Flag as inappropriate

    Any update on this request ? This is really a must have...

    Hybrid AAD joined computers + COVID19 = SSPR cannot be easily used...

  • Anonymous commented  ·   ·  Flag as inappropriate

    The SSPR also should be able to reset the cached password on the mobile users laptop or other devices as well.

  • Hbaele commented  ·   ·  Flag as inappropriate

    And again... SSPR without cached credential change keeps on making your home use of your company controlled device unusable... Please provide a solution Microsoft!

  • Adam commented  ·   ·  Flag as inappropriate

    This is a much needed feature especially given the situation in the world. Can we get an update on this please?

  • Pab commented  ·   ·  Flag as inappropriate

    Any further updates on this? Listed as under review in December 2018. How long could this take to review?

  • Alex Wilhelmsen commented  ·   ·  Flag as inappropriate

    This case is listed on Azure AD top 5 idea's. This is not an idea but an operational problem. I would guess thousand of users out there has this problem. With Covid-19 you can multiply it with 19. In my company we get user with them weekly even if we are not meeting any of the general limitations. . For a non-specialized IT person these incidents makes no sense. Case has been reported to support again, cannot wait another 18 months for a case to be reviewed.

  • Anonymous commented  ·   ·  Flag as inappropriate

    We would love to have this. We have to have people change their password twice, once through SSPR or IT and then CTL-ALT-DEL

  • Jurgen Kusel commented  ·   ·  Flag as inappropriate

    Struggling to believe that this hasn't been implemented yet. Live accounts seem to be able to do this - surely that means that full paying customers would have equal or greater implementation.

    Agree with others, with the covid situation this is a timebomb which is about to explode.

  • Shane Farmer commented  ·   ·  Flag as inappropriate

    ManageEngine can do this now. Why not MS? I would like to move away from MangeEngine due to costs, but they provide so much from a functionality standpoint.

  • shreyance commented  ·   ·  Flag as inappropriate

    Please provde update.. this is really critical specially at times like this where the whole world is WFH now. And password reset is one of the biggest pain point off the network

  • Anonymous commented  ·   ·  Flag as inappropriate

    Covid-19 the world has gone remote at zero notice. The cached password has been a major headache for my entire IT career.

    Right now we empowering the fight back against covid-19 and Office 365 Teams is a massive help.

    Microsoft please fix the remote cache issue.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I don't think it would be too problematic or cumbersome for developers at MS.
    Azure AD connect uses a password agent which confirms password change. it would be great to have that also send a new kerberos token for updating cached credential.
    I believe MS has shell hooks which let you do that. Windows 10 can easily support it with minimal changes in hybrid join topology.

← Previous 1 3

Azure Active Directory: Self-Service Password Reset

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice