With the release of Azure Self Service Password Reset, it has been possible for users of Azure AD Joined Windows 10 1709 devices to reset their password from the login screen.

Earlier in the year, Microsoft hinted that the same capability would be offered to traditional domain joined devices starting with Windows 10 1803. True to their word, with the new Windows 10 1803 release, users with a hybrid Azure AD joined device can see and use a “Reset password” link on their login screen once their administrator has made some back-end configuration changes.

Requirements

To enable users this functionality, the following requirements need to be met:
• Windows 10 1803 or newer client hybrid Azure AD joined.
• Azure AD self-service password reset must be enabled.
• Configure and deploy the setting via Intune or a Registry key

Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AzureADAccount “AllowPasswordReset”=dword:00000001

Known limitations

This capability is not possible through a Remote Desktop session. When testing this functionality in a VM, ensure Enhanced Session is disabled.

One thought on “Azure Self Service Password Reset for Domain Joined computers at the Login Screen

Leave a Reply