You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/howto-sspr-windows.md
+21-22Lines changed: 21 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,29 +21,10 @@ For machines running Windows 7, 8, 8.1, and 10 you can enable users to reset the
21
21
22
22
23
23
24
-
## General prerequisites
25
-
26
-
- An administrator must enable Azure AD self-service password reset from the Azure portal.
27
-
-**Users must register for SSPR before using this feature**
28
-
- Network proxy requirements
29
-
- Windows 10 devices
30
-
- Port 443 to `passwordreset.microsoftonline.com` and `ajax.aspnetcdn.com`
31
-
- Windows 10 devices only support machine-level proxy configuration
32
-
- Windows 7, 8, and 8.1 devices
33
-
- Port 443 to `passwordreset.microsoftonline.com`
34
-
35
24
## General limitations
36
25
37
26
- Password reset is not currently supported from a Remote Desktop or from Hyper-V enhanced sessions.
38
27
- This feature does not work for networks with 802.1x network authentication deployed and the option “Perform immediately before user logon”. For networks with 802.1x network authentication deployed it is recommended to use machine authentication to enable this feature.
39
-
40
-
## Windows 10 password reset
41
-
42
-
### Windows 10 specific prerequisites
43
-
44
-
- Run at least Windows 10, version April 2018 Update (v1803), and the devices must be either:
45
-
- Azure AD joined
46
-
- Hybrid Azure AD joined
47
28
- Hybrid Azure AD joined machines must have network connectivity line of sight to a domain controller to use the new password and update cached credentials.
48
29
- If using an image, prior to running sysprep ensure that the web cache is cleared for the built-in Administrator prior to performing the CopyProfile step. More information about this step can be found in the support article [Performance poor when using custom default user profile](https://support.microsoft.com/help/4056823/performance-issue-with-custom-default-user-profile).
49
30
- The following settings are known to interfere with the ability to use and reset passwords on Windows 10 devices
@@ -57,7 +38,21 @@ For machines running Windows 7, 8, 8.1, and 10 you can enable users to reset the
57
38
- The combination of the following specific three settings can cause this feature to not work.
58
39
- Interactive logon: Do not require CTRL+ALT+DEL = Disabled
59
40
- DisableLockScreenAppNotifications = 1 or Enabled
60
-
- IsContentDeliveryPolicyEnforced = 1 or True
41
+
- IsContentDeliveryPolicyEnforced = 1 or True
42
+
43
+
## Windows 10 password reset
44
+
45
+
### Windows 10 prerequisites
46
+
47
+
- An administrator must enable Azure AD self-service password reset from the Azure portal.
48
+
-**Users must register for SSPR before using this feature**
49
+
- Network proxy requirements
50
+
- Windows 10 devices
51
+
- Port 443 to `passwordreset.microsoftonline.com` and `ajax.aspnetcdn.com`
52
+
- Windows 10 devices only support machine-level proxy configuration
53
+
- Run at least Windows 10, version April 2018 Update (v1803), and the devices must be either:
54
+
- Azure AD joined
55
+
- Hybrid Azure AD joined
61
56
62
57
### Enable for Windows 10 using Intune
63
58
@@ -91,7 +86,6 @@ Deploying the configuration change to enable password reset from the login scree
The Azure AD audit log will include information about the IP address and ClientType where the password reset occurred.
@@ -102,8 +96,13 @@ When users reset their password from the login screen of a Windows 10 device, a
102
96
103
97
## Windows 7, 8, and 8.1 password reset
104
98
105
-
### Windows 7, 8, and 8.1 specific prerequisites
99
+
### Windows 7, 8, and 8.1 prerequisites
106
100
101
+
- An administrator must enable Azure AD self-service password reset from the Azure portal.
102
+
-**Users must register for SSPR before using this feature**
103
+
- Network proxy requirements
104
+
- Windows 7, 8, and 8.1 devices
105
+
- Port 443 to `passwordreset.microsoftonline.com`
107
106
- Patched Windows 7 or Windows 8.1 Operating System.
108
107
- TLS 1.2 enabled using the guidance found in [Transport Layer Security (TLS) registry settings](https://docs.microsoft.com/windows-server/security/tls/tls-registry-settings#tls-12).
109
108
- If more than one 3rd party credential provider is enabled on your machine, users will see more than one user profile on the login screen.
0 commit comments