Forum Discussion
[FIXED] How to prevent sign in page from asking new users for additional security verification
HotCakeX This prompt would be from the self-service password reset functions in AAD. If you attempt to disable it, then users would not be able to reset their own password.
If you want to try, in AzureAD set Self Service Password Reset to either select or none. Then redo the join.
The prompt will still appear if you require AzureAD MFA as well. When you join a PC, it will MFA the user.
Cheers
Craig
- HotCakeXNov 11, 2019MVP
I also checked out this place
Everything looks fine here too.
is there any other place I can check? I have no idea why it's still telling me that my organization needs additional information.
by the way, I'm using trial 1 month subscription for Office 365 Business Premium.
- CraigWilson_Nov 11, 2019Brass Contributor
In Windows 10 version 1803 Microsoft introduced a setting that required accounts to have a password reset option. The setting was forced for Admin accounts. This could be what is impacting you. The settings you have shown are the correct ones for disabling self-service password reset.
The method to get around the local admin being forced was to create a local user first on the workstation, then disable the local policy. This would not work on a clean install as someone would have to login first.
How are you deploying Windows 10 is it via autopilot?
You could try setting the account up for password reset then try the Windows 10 again? You should be able to do this by assigning a user a mobile number in Azure AD.
I will try a few things later today and see if I can get the around the prompt.
Cheers
Craig
- HotCakeXNov 11, 2019MVPThank you very much,
I haven't deployed it anywhere, just testing it on my local machine but I will try it on Hyper-V VM soon and report back.
this time i will signing into my AAD account instead during the first Windows setup screen and will choose a non-insider build.
- HotCakeXNov 11, 2019MVPSpoiler
CraigWilson_ wrote:HotCakeX This prompt would be from the self-service password reset functions in AAD. If you attempt to disable it, then users would not be able to reset their own password.
If you want to try, in AzureAD set Self Service Password Reset to either select or none. Then redo the join.
The prompt will still appear if you require AzureAD MFA as well. When you join a PC, it will MFA the user.
Cheers
Craig
Hi CraigWilson_
Thank you,
so I went to my Azure Active Directory Admin Center
https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/PasswordResetand it was set to "none" by default
And then I saw this notice:
- "These settings only apply to end users in your organization. Admins are always enabled for self-service password reset and are required to use two authentication methods to reset their password. Click here to learn more about administrator password policies."
So I think end-users are normal/standard/non-admin users.
so far everything is set correctly, right?
but I am still getting this message!