Microsoft Endpoint Manager – Reset Password from the Login Screen

Hi everyone again. In this blog I want to show you how easily you can configure self-service reset password with Microsoft Endpoint Manager. We will make SSRP portal link available from the login screen and users with cloud credentials can request password reset by themselves anytime they need without helpdesk involvement.

First, in Azure AD we need to specify a group of users that can use this feature. We can granularly control access to this feature or we can allow it to everyone. So, the very first step in to go to MEM console, then go to UsersPassword reset. Click Selected, then click on No groups selected and choose Azure AD security user group:

Click Select and Save:

The second step is optional, but highly recommended – password writeback.

This option allows Azure Active Directory to write changed password to on-premise Active Directory. In case of synchronized accounts from AD to Azure AD it just a must have option.  It means any time when user with synchronized account logs into Azure AD or on-premise AD will use the only one password.

To configure password writeback we need to run Azure AD Connect that we configured at the beginning:

Click Configure, then choose Customize synchronization options:

And click Next. On the next page of the wizard provide Azure AD global administrator credentials and click Next:

Skip Connect Directories and Domain/OU Filtering pages by clicking Next. On the Optional Features page choose Password writeback setting and click Next:

At the end of the wizard confirm you want to enable password writeback by clicking Configure:

After configuration completed click Exit:

We successfully configured password reset and password writeback, and now user can reset his password from password reset portal. Next step is to enable SSPR link on the login screen. Go to MEM consoleDevicesConfiguration profiles and click Create profile:

PlatformWindows 10 and later

Profile typeSettings catalog (preview)

And click Create. Give a name to your configuration profile and click Next:

On the Configuration settings page click +Add settings:

Then search for a password reset setting:

After successful search double click on Authentication, choose Allow Aad Password Reset setting and click Select all these settings:

On the left side of the page enable this option and click Next:

On the Assignments page click Add groups and choose a proper group of Azure AD users, click Select and then Next:

Then finish the wizard. After applying the policy on the device, you see new Reset password option on the login screen:

If you forgot or want to change your password click on Reset password link:

Then click Next. On Get back into your account page you need to choose the contact method you prefer:

Number of methods depends of how much information I have for this account in Azure AD. In my case I choose SMS with security code:

Click Next. Type a verification code you received and click Next:

Create your new password:






For further information, please click HERE to contact our support team.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.