Enable Self Service Password Reset from Windows 10 Sign In Screen
Azure AD self service password reset works great. The issue is that if a user cannot log on, they haven't a browser to access the portal easily.
Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen? Azure AD join integrates with web based services such as MFA, so hopefully the foundations are there.
We recognize that for users who can’t remember their password, it’s a challenge to log in let alone use a browser to reset your password. So we listened and came up with the self-service password reset from the lock screen feature.
How does it work?
By updating to RS3 and setting the MDM policy, the users of the Azure AD joined devices in your enterprise will see a “Forgot password” link on their lock screen. If they click it, it launches the SSPR flow directly from their lock screen.
What’s coming in the future?
We are actively working to bring the same SSPR from lock screen feature to the hybrid AADJ machines. We anticipate this feature will release with the Spring 2018 Windows 10 update.
For more information, please go to this post: https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/resetting-passwords-on-azure-ad-joined-devices-is-much-easier-with-the-latest-windows-update/.
Very much needed for our students!!!!
Our school computers are NOT AADJ, only AD joined!!
Glenn Jefferson commented
This will be great if/when it can support Windows 10 domain joined machines and also Win 7/8 domain joined machines too!
Here are the instructions for Enterprise users with federated accounts:
W10 version 1709
Pw writeback policy
Azure AD Premium
John F commented
It is an option with 1709 but only with Azure AD Joined devices. Not hybrid or traditional AD joined. Just need to enable a couple reg keys or an Intune policy to do it and the option will appear.
Added with 1709 -> is that option also usable within a domain?
Abdul Khan commented
This is a very needed solution. The 3rd party versions are ****. MIM has its SSPR that doesn't sync with Azure SSPR. So there is no point for an organization to instruct its users to register with Azure SSPR and then again with MIM SSPR. You don't have two solutions for the same issue! Please implement this as we are still waiting. Large organizations could really use this.
Steve Whitcher commented
I believe this was supposed to be included in Windows 10 v1709, but looking at the "what's new" page I see that it only lists the ability to reset a Microsoft Account password from the lock screen, not an AzureAD account password. I wonder if it was delayed?
Any chance this feature will be available?
Bart De Vos commented
Any update on this? 2 years have passed. Would be a very nice feature for us (installing FIM on-prem seems overkill for this).
It is very interesting as MS already implemented it. Without noticing here:
It is part of Azure AD Premium (you need FIM onpremise where license is in Azure AD Premium)
Jolie Morris commented
When would that be added? I am expecting that. On password reset, I found this helpful: http://www.isumsoft.com/windows-10/how-to-reset-windows-10-forgotten-password-with-usb.html
Alan Armstrong commented
Any updates on this? July 2015 was the last update from MS.
Jacob Ludriks commented
This would be awesome.
Hope this feature is added in the next release soon. I forgot my password and found it hard to reset until I came across this tutorial: https://www.recoverywindowspassword.com/reset-forgotten-windows-10-login-password.html
This would make life easier for our users. Now they have one old cached password for the computer and one for VPN/Mail/ other AD applications. Any timeplan?
Chris Tybo commented
Has this been added yet? This would be highly valuable.
Jacob Ludriks commented
It would be great to have this.
I would have to agree that it would be easier for the user to do it at login screen versus having to get into settings and then go to change password and then having to log into the azure portal website. Seems like too many steps for something simple.
Microsoft, please provide an update if this is even on a roadmap.
Chris Moore commented
The most straightforward way to enable this would be to support utilising the FIM/MIM extensions, but with Azure AD password reset instead of needing the full MIM infrastructure.
Having an online WCF service for AAD password reset that the FIM/MIM client extensions can point to would be the quickest (but perhaps not the best) way of enabling this.