Enable Self Service Password Reset from Windows 10 Sign In Screen
Azure AD self service password reset works great. The issue being if a user cannot log on they haven't a browser to access the portal easily.
Can the reset portal be integrated with a "Forgotten my password" link on the Sign In screen? Azure AD join integrates with web-based services such as MFA, so hopefully the foundations are there.
You can now enable password reset from the lock screen of a Windows 10 Azure AD joined machine. Check out the instructions here: https://docs.microsoft.com/azure/active-directory/active-directory-passwords-login.
Windows 10 RS4 includes support for hybrid Azure AD joined machines.
Let us know what you think!
Sadie Henry (sahenry)
Ahmad Habib commented
Thank you for this functionality which is very important to us (100k users).
I ran into a weird behavior, just wanted your output on this please.
When resetting password outside the enterprise network, the SSPR process will end successfully but the user will not be able to login into the laptop's session with the new password set.
So at this point the user is able to reset its password but not able to login with this new one.
Is there something we missed?
Chan Jack commented
An example for how to bypass Windows 10 login password:
Is this supported when used in conjunction with 802.1x secured networks when using SSO credentials and the "Perform immediately before User Logon" option in the Windows supplicant? How is access to the network granted to perform the password reset functionality?
Is this supported on Windows 10 LTSB (1607) with hybrid Azure AD joined computers?
It doesn't seem to work out of the box, is there an update that can be applied to enable it for example?
That would be great if Redstone 4 allows hybrid Azure AD joined computers to do this. I've been waiting on this for a while and will be able to eliminate a 3rd party tool when this happens.
Steve Whitcher commented
Sadie - Is the process the same to enable this on hybrid joined computers running RS4?
Or is there documentation on what is required for that scenario?
Would this help to update the local credential for the system as well?
Is RS4 going to include Hybrid AAD joined SSPR functionality at the lock screen? It's insane that MSFT hasn't put this functionality in yet! It is literally a webpage embedded in the GINA file, why the **** is Azure Joining even a requirement at that point?
Any updates on Hybrid AAD joined devices being able to leverage this functionality?
Very much needed for our students!!!!
Our school computers are NOT AADJ, only AD joined!!
Glenn Jefferson commented
This will be great if/when it can support Windows 10 domain joined machines and also Win 7/8 domain joined machines too!
Hereby the instructions for Enterprise users with federated accounts:
W10 version 1709
Pw writeback policy
Azure AD Premium
John F commented
It is an option with 1709 but only with Azure AD Joined devices. Not hybrid or traditional AD joined. Just need to enable a couple reg keys or an Intune policy to do it and the option will appear.
Added with 1709 -> is that option also usable within a domain?
Abdul Khan commented
This is a very needed solution. The 3rd party versions are ****. MIM has its sspr that doesn't sync with azure sspr. So it is no point for an organization to instruct its users to register with azure sspr and then again with mim sspr. You don't have two solutions for the same issue! Please implement this as we are still waiting. Large organizations could really use this.
Steve Whitcher commented
I believe this was supposed to be included in Windows 10 v1709, but looking at the "what's new" page I see that it only lists the ability to reset a Microsoft Account password from the lock screen, not an AzureAD account password. I wonder if it was delayed?
Any chance this feature will be available?
Bart De Vos commented
Any update on this? 2 years have passed. Would be a very nice feature for us, installing FIM onprem seems overkill for this.
It is very interesting as MS already implemented it. Without noticing here:
It is part of Azure AD Premium (you need FIM onpremise where license is in Azure AD Premium)
Jolie Morris commented
When would that be added? I am expecting that. On password reset, I found this helpful: http://www.isumsoft.com/windows-10/how-to-reset-windows-10-forgotten-password-with-usb.html