You may be already aware that you can provide the ability to your end-user to reset their password (Self Service Password Reset – SSRP) directly from the logon screen for Windows 10 Azure AD Joined device (see https://t.co/LW060QqgGV if you want to know more).

Well, Microsoft has announced a major improvement for this feature as you can now use it for all Windows version (from Windows 7 to Windows 10 AD Joined).

For Windows 7, 8 and 8.1 you need to download and deploy the SSPR add-in available here https://aka.ms/sspraddin (off course you should deploy it either using GPO [this add-in is available in MSI package] or SCCM [or any other software deployment solution you use])

For those who know/use ForeFront Identity Manager (FIM) or the previous version Microsoft Identity Manager (MIM) this is an adaptation of the self-service password reset component.

NOTE good point, there is no need for a reboot Smile

image

Then once deployed, your end-user will have the ‘Forgot your password’ link which then will launch a wizard to let them reset their password.

imageimageimageimage

Also, for Windows 10 AD Joined (aka domain joined) the feature becomes also available – well it was already there (if you read my earlier post). To deploy the capability you need to use:

  • either a GPO to deploy the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AzureADAccount

“AllowPasswordReset”=dword:00000001

OMA-URI: ./Vendor/MSFT/Policy/Config/Authentication/AllowAadPasswordReset

Data type: Integer

Value: 1

image

NOTE this is officially supported for Windows 10 with April 2018 update or later

Leave a Comment

2 × three =

This site uses Akismet to reduce spam. Learn how your comment data is processed.