Enable SSPR to reset Windows cached credentials
It's great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since it's definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we see and is vital we get addressed. As it stands we'll have to look for third-party tools to assist us.
Hey folks! Thank you for your feedback. We are reviewing this ask and will keep you up to date on our findings. We have also added information about this limitation in our documentation. Thank you!
This is a much needed feature especially given the situation in the world. Can we get an update on this please?
Any further updates on this? Listed as under review in December 2018. How long could this take to review?
Any update, since we can't find any updates around SSPR specifically?
@Azure AD Team (Product Owner, Microsoft Azure) any update?
Alex Wilhelmsen commented
This case is listed on Azure AD top 5 ideas. This is not an idea but an operational problem. I would guess thousands of users out there have this problem. With Covid-19 you can multiply it with 19. In my company we get users with them weekly even if we are not meeting any of the general limitations. For a non-specialized IT person these incidents make no sense. Case has been reported to support again, cannot wait another 18 months for a case to be reviewed.
Any updates on this from Microsoft? Last note on the case is from 2018...
We would love to have this. We have to have people change their password twice, once through SSPR or IT and then CTL-ALT-DEL
Jurgen Kusel commented
Struggling to believe that this hasn't been implemented yet. Live accounts seem to be able to do this - surely that means that full paying customers would have equal or greater implementation.
Agree with others, with the covid situation this is a timebomb which is about to explode.
Shane Farmer commented
ManageEngine can do this now. Why not MS? I would like to move away from ManageEngine due to costs, but they provide so much from a functionality standpoint.
Please provide update. This is really critical, especially at times like this where the whole world is WFH now. And password reset is one of the biggest pain points off the network.
Covid-19 the world has gone remote at zero notice. The cached password has been a major headache for my entire IT career.
Right now we are empowering the fight back against Covid-19 and Office 365 Teams is a massive help.
Microsoft please fix the remote cache issue.
I don't think it would be too problematic or cumbersome for developers at MS.
Azure AD Connect uses a password agent which confirms password change. It would be great to have that also send a new Kerberos token for updating cached credential.
I believe MS has shell hooks which let you do that. Windows 10 can easily support it with minimal changes in hybrid join topology.
Danny C commented
We need this feature, other products already have it. Let's go!
With the actual crisis it's a must. You need to make this work now or at least a preview.
Seems to be still under review? I am currently involved in a pilot project for a large customer (10000 users) and one of the pain points is indeed the update of the cached credentials...
Any kind of update or changes planned for this? We would like to use SSPR at the login screen and this reduces its usefulness considerably for remote folks.
Stergiou VA (Vasilis) IT commented
Any update on this? It seems strange that complementary solutions like ManageEngine ADManager Plus can do that. Lack of cached password update erodes the whole benefit of Azure SSPR.
Any news about this, Azure AD Team?
Very basic feature to be incorporated with Azure SSPR
Is there an update on this?
SSPR with Hybrid AD and many remote users (no VPN) is almost useless without also updating the local cached credentials! Very poor end-user experience and far too confusing to try to explain.