You may already be aware that you can let your end users reset their password (Self Service Password Reset, SSPR) directly from the logon screen of a Windows 10 Azure AD Joined device (see https://t.co/LW060QqgGV if you want to know more).
Well, Microsoft has announced a major improvement for this feature, as you can now use it for all Windows versions (from Windows 7 to Windows 10 AD Joined).
For Windows 7, 8 and 8.1 you need to download and deploy the SSPR add-in available here: https://aka.ms/sspraddin (of course you should deploy it either using GPO [this add-in is available as an MSI package] or SCCM [or any other software deployment solution you use]).
For those who know/use Forefront Identity Manager (FIM) or the previous version Microsoft Identity Manager (MIM), this is an adaptation of the self-service password reset component.
NOTE: good point, there is no need for a reboot.
Once it is deployed, your end users will have the ‘Forgot your password’ link, which launches a wizard to let them reset their password.
Also, the feature becomes available for Windows 10 AD Joined (aka domain joined) devices; well, it was already there (if you read my earlier post). To deploy the capability you need to use:
- either a GPO to deploy the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AzureADAccount
"AllowPasswordReset"=dword:00000001
- or Intune to deploy a device configuration policy (see my previous post https://t.co/LW060QqgGV)
OMA-URI: ./Vendor/MSFT/Policy/Config/Authentication/AllowAadPasswordReset
Data type: Integer
Value: 1
NOTE: this is officially supported for Windows 10 with the April 2018 update or later.
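
For the registry option above, a detect-and-remediate script is handy as a GPO startup script or as a compliance check. This is an added example, not part of the original post or any Microsoft tooling; the registry path and value name are the ones given above, and the function names are hypothetical.

```powershell
# Added example: check and, if needed, set the SSPR lock-screen policy value.
# Path and value name come from the post; function names are hypothetical.
# Must run elevated (writes under HKLM).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\AzureADAccount'
$ValueName  = 'AllowPasswordReset'

function Test-SsprLockScreenPolicy {
    # $true only when the value exists, is a DWORD, and equals 1.
    # A REG_SZ "1" left by a hand edit is reported as non-compliant.
    $key = Get-Item -Path $PolicyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $false }
    if ($key.GetValueNames() -notcontains $ValueName) { return $false }
    $kind = $key.GetValueKind($ValueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return $false }
    return ($key.GetValue($ValueName) -eq 1)
}

function Set-SsprLockScreenPolicy {
    # Create the policy key if it is missing, then (over)write the DWORD.
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

if (Test-SsprLockScreenPolicy) {
    Write-Output "Compliant: $ValueName is already set to 1"
}
else {
    Set-SsprLockScreenPolicy
    # Re-read instead of trusting the write, so a failed or redirected
    # write surfaces as a non-zero exit code for the deployment tool.
    if (Test-SsprLockScreenPolicy) {
        Write-Output "Remediated: $ValueName set to 1"
    }
    else {
        Write-Error "Failed to set $ValueName under $PolicyPath"
        exit 1
    }
}
```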