Microsoft Endpoint Manager – Reset Password from the Login Screen

Hi everyone again. In this blog I want to show you how easily you can configure self-service reset password with Microsoft Endpoint Manager. We will make SSRP portal link available from the login screen and users with cloud credentials can request password reset by themselves anytime they need without helpdesk involvement.

First, in Azure AD we need to specify a group of users that can use this feature. We can granularly control access to this feature or we can allow it to everyone. So, the very first step in to go to MEM console, then go to UsersPassword reset. Click Selected, then click on No groups selected and choose Azure AD security user group:

Click Select and Save:

The second step is optional, but highly recommended – password writeback.

This option allows Azure Active Directory to write changed password to on-premise Active Directory. In case of synchronized accounts from AD to Azure AD it just a must have option.  It means any time when user with synchronized account logs into Azure AD or on-premise AD will use the only one password.

To configure password writeback we need to run Azure AD Connect that we configured at the beginning:

Click Configure, then choose Customize synchronization options:

And click Next. On the next page of the wizard provide Azure AD global administrator credentials and click Next:

Skip Connect Directories and Domain/OU Filtering pages by clicking Next. On the Optional Features page choose Password writeback setting and click Next:

At the end of the wizard confirm you want to enable password writeback by clicking Configure:

After configuration completed click Exit:

We successfully configured password reset and password writeback, and now user can reset his password from password reset portal. Next step is to enable SSPR link on the login screen. Go to MEM consoleDevicesConfiguration profiles and click Create profile:

PlatformWindows 10 and later

Profile typeSettings catalog (preview)

And click Create. Give a name to your configuration profile and click Next:

On the Configuration settings page click +Add settings:

Then search for a password reset setting:

After successful search double click on Authentication, choose Allow Aad Password Reset setting and click Select all these settings:

On the left side of the page enable this option and click Next:

On the Assignments page click Add groups and choose a proper group of Azure AD users, click Select and then Next:

Then finish the wizard. After applying the policy on the device, you see new Reset password option on the login screen:

If you forgot or want to change your password click on Reset password link:

Then click Next. On Get back into your account page you need to choose the contact method you prefer:

Number of methods depends of how much information I have for this account in Azure AD. In my case I choose SMS with security code:

Click Next. Type a verification code you received and click Next:

Create your new password:

Done!

 

 

 

 [/vc_column_text][/vc_column][/vc_row]

For further information, please click HERE to contact our support team.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=