Blog Post

Microsoft Entra Blog
2 MIN READ

Reset passwords from all the versions of Windows important to your business

Alex Simons (AZURE)'s avatar
Oct 04, 2018

Howdy folks!

 

We’ve heard from our customers that their users need to be able to reset their password from their sign in screen. I’m excited to announce that with the Azure AD self-service password reset (SSPR) users can now reset their password from the sign in screen of their Windows 7, Windows 8, Windows 8.1, and Windows 10 devices.

 

We know that password resets often account for a large portion of an organization’s helpdesk costs. SSPR can help drive down support costs by empowering users to reset their password on their own without needing to contact a helpdesk. To enable SSPR for your organization and take advantage of these new feature, follow the steps in our Quickstart guide.

 

Check out the details below to learn more about these awesome features.

 

Public preview of SSPR for Windows 7, Windows 8, and Windows 8.1 devices now available

 

We recently released the public preview of SSPR for Windows 7, Windows 8, and Windows 8.1. This greatly anticipated feature brings the SSPR experience to the sign in screen of any Windows 7, Windows 8, or Windows 8.1 device.

 

To try out this feature, make sure that SSPR is configured for your organization and that you’ve registered for SSPR at aka.ms/ssprsetup. Then, download and install the Microsoft Azure AD Password Reset add-in. After you install the add-in, you will see a “Forgot password?” link on your sign in screen. Click the link to begin the same password reset steps that you see when resetting your password through a web browser.

 

To learn more about this feature and how to enable it for your entire organization, check out our documentation.

 

Reset your password from your hybrid Azure AD-joined device

 

Last year, we announced that users can reset their password from their Windows 10 Azure AD-joined (AADJ) device as part of the Windows 10 Fall Creators Update. Now, as part of the Windows 10 April 2018 Update, we added the ability for users to reset their password from their Windows 10 hybrid AADJ device. This means that users who are on domain-joined devices and are also joined to Azure AD can reset their passwords from their sign in screen.

 

This feature, now generally available, can be enabled through a device configuration policy in Microsoft Intune or by configuring a registry key.  To get started, make sure your users have the Windows 10 April 2018 Update or a newer version of Windows 10. Next, follow the steps in our tutorial to enable password reset from the sign in screen. Once you follow these steps, users will see the “Reset password” link on their sign in screen and will be able to reset their password without having to place a call to your helpdesk.

 

As always, we’d love to hear any feedback or suggestions you have. Please let us know what you think in the comments below or send us an email at ssprfeedback@microsoft.com

 

Best Regards,

 

Alex Simons (Twitter: @alex_a_simons)

Corporate VP of Program Management

Microsoft Identity Division

Updated Jul 24, 2020
Version 9.0
  • Carl, SSPR for hybrid joined machines is only supported on the April 2018 update and newer. However, SSPR for AADJ machines is supported in 1709.

     

    Leon, thank you for pointing that out! We'll get the link fixed.

  • Carl Gann's avatar
    Carl Gann
    Copper Contributor

    Is there any way to enable this on Windows 10 1709 hybrid joined machines? 

  • Have you heard about customers having issues when they have a Deny All and then explicit enable users / groups to logon to computers? The suspicion is that they need to give a "default user" logon rights to all computers. They have this policy in place to make sure admin users don't logon and leave their admin credentials around on domain computers. 

  • Jan, I haven't heard of issues specific to that scenario, but I'm happy to help if you are running into that problem. Send me a Tech Community message with your email and I'll reach out. Thanks!

  • Jason Benway's avatar
    Jason Benway
    Iron Contributor

    I'm trying to test this with my own computer. I'm using the regedit method because we don't use intune yet.

    I can't get the forgot password to show up on the logon script. I'm using win 10 build 1803.

     

    thanks,jb

  • Hi Jason,

     

    Can you give me more details about your scenario? Send me a Tech Community message with your email and I'd be happy to discuss further.

     

    Thanks!

    Sadie

  • Is there any work ongoing to handle the expiry of Azure AD passwords more gracefully on a Windows client? I appreciate that the modern way to handle this is to not expire user passwords and to have a robust MFA / conditional access deployment, but some clients still insist on password validity periods.