Azure AD password reset from the Windows login screen

With the Windows 10 April 2018 Update, users can now reset their passwords from the Windows 10 login screen on Azure AD joined or hybrid Azure AD joined devices.

When users click the Reset password link on the login screen, they are brought to the same self-service password reset (SSPR) experience they are familiar with.

Prerequisites

  • Windows 10 April 2018 Update, or newer
  • A Windows 10 client that is Azure AD joined or Hybrid Azure AD joined
  • Azure AD self-service password reset must be enabled

How to set it up

First, sign in to the Microsoft 365 Device Management portal and then open Device configuration.

Create a new device configuration profile by clicking Profiles -> Create Profile

  • Enter a name for the profile
  • Optionally provide a description
  • Choose ‘Windows 10 and later’ as platform
  • Choose ‘Custom’ as profile type

Add the following OMA-URI setting to enable the Reset password link

  • Enter a name to explain what the setting is doing
  • Optionally provide a description
  • OMA-URI set to ./Vendor/MSFT/Policy/Config/Authentication/AllowAadPasswordReset
  • Data type set to Integer
  • Value set to 1

Click OK -> OK -> Create
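
Once the profile has synced, the client-side prerequisites and the policy value can be checked on a device with the following added example (not part of the original post). The function name is hypothetical, and the PolicyManager registry path is an assumption about where Windows mirrors MDM-delivered Policy CSP values; build 17134 corresponds to the April 2018 Update.

```powershell
# Added example: verify the prerequisites listed above and the
# AllowAadPasswordReset policy on a Windows 10 client.
# Whether SSPR is enabled is a tenant-side setting and is not checked here.
function Test-AadPasswordResetReadiness {
    [CmdletBinding()]
    param(
        # Output of 'dsregcmd /status'; a parameter so captured output can be parsed offline.
        [string[]]$DsregOutput = (& dsregcmd.exe /status),
        [int]$OsBuild = [Environment]::OSVersion.Version.Build
    )

    # Parse the "Key : Value" lines of dsregcmd into a hashtable.
    $state = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $aadJoined    = $state['AzureAdJoined'] -eq 'YES'
    $domainJoined = $state['DomainJoined'] -eq 'YES'

    if ($aadJoined -and $domainJoined) { $joinType = 'Hybrid Azure AD joined' }
    elseif ($aadJoined)                { $joinType = 'Azure AD joined' }
    else                               { $joinType = 'Not Azure AD joined' }

    # Assumed location of the MDM-delivered value; a missing key or value
    # means the device configuration profile has not applied to this device.
    $key    = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Authentication'
    $policy = (Get-ItemProperty -Path $key -Name AllowAadPasswordReset `
                   -ErrorAction SilentlyContinue).AllowAadPasswordReset

    $buildOk  = $OsBuild -ge 17134   # April 2018 Update or newer
    $policyOk = $policy -eq 1        # value 1 enables the Reset password link

    [pscustomobject]@{
        OsBuild        = $OsBuild
        BuildSupported = $buildOk
        JoinType       = $joinType
        JoinSupported  = $aadJoined
        PolicyValue    = $policy
        PolicyEnabled  = $policyOk
        Ready          = $buildOk -and $aadJoined -and $policyOk
    }
}

Test-AadPasswordResetReadiness | Format-List
```

If `PolicyValue` is empty, trigger a device sync and confirm the profile is assigned to a group that contains the device before re-running the check.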