How To Allow Entra Password Reset In Windows Using Intune HTMD Blog (2024)

Let’s discuss how to allow Entra password reset in Windows using Intune. Allow Entra Password Reset is a setting for Microsoft Entra ID (formerly Azure Active Directory, AAD) that enables self-service password reset (SSPR) for users. When this feature is enabled, users can reset their passwords without needing help from an IT administrator, making it easier to regain access to their accounts if they forget their password.

Two critical articles guide IT admins on enabling Self-Service Password Reset (SSPR) using Intune and Entra ID. The first article outlines SSPR options, core components, and server-side configuration for effective password management in Entra. The second article describes enabling SSPR on the Windows login screen via Intune policy, allowing users to reset their passwords directly from the sign-in screen, improving their overall Windows experience.

Entra provides multiple ways to verify a user’s identity before allowing a password reset, ensuring that only authorized users can reset passwords. Verification methods include email, phone, security questions, or multi-factor authentication (MFA).

One of our articles guides admins on setting up the policy and shows end-users how to change or reset their passwords. Azure AD’s self-service password reset (SSPR) covers three main areas: enabling SSPR, licensing requirements, and system setup.


What is the Purpose of the Allow Entra Password Reset Property?

What Format is Used for the Property Value?


The property value format is an integer.


What Access Types are Available for this Property?


The following access types are supported:
1. Add
2. Delete
3. Get
4. Replace

Windows CSP Details – AllowAadPasswordReset

The CSP policy in Windows allows administrators to set various policy configurations on Windows 10 and newer devices through mobile device management (MDM) tools such as Intune. This policy lets administrators manage user access to the self-service password reset (SSPR) feature, allowing it to appear directly on the Windows sign-in screen for Microsoft Entra accounts (previously known as AAD).

Property name | Property value
Format | int
Access Type | Add, Delete, Get, Replace
Default Value | 0

How to Allow Entra Password Reset in Windows using Intune

This post provides a step-by-step guide on enabling Entra Password Reset in Windows using Intune. Using Intune, Microsoft’s device management solution, administrators can configure settings for self-service password reset so users can manage their passwords easily and securely.

  • Go to the Intune Admin Center portal
  • Go to Devices > Windows > Configuration > Create > New Policy

To create a new Intune profile, choose the Platform as Windows 10 and later. Then, set the Profile type to Settings catalog. Select the Create button from the window below.


Create a Profile to Allow Entra Password Reset

On the Basics page, enter a name for the configuration profile, such as “Allow Entra Password Reset.” You can also briefly describe it, like “Enable Entra password reset in Windows via Intune.” Once you’re finished, click Next to proceed.


Configuration Settings

On the Configuration settings tab, select the + Add settings hyperlink. In the Settings Picker window, enter “Authentication” in the search bar to display 10 related settings. From this list, locate and choose Allow Entra Password Reset.


Specifies whether password reset is enabled for Microsoft Entra accounts. This policy allows the Microsoft Entra tenant administrator to enable the self-service password reset feature on the Windows sign-in screen.

Authentication Settings | Enable or Allow
Allow Entra Password Reset | Toggle the pane to the Right side

Scope Tag and Assignments

In Intune, the Scope Tag and Assignment tabs are vital when creating or managing configuration profiles. The Assignment tab allows you to specify which groups or devices the configuration profile will apply to.


The Review + Create tab in Intune is the final step in creating or configuring a profile, policy, or other management settings. It provides a summary of all the settings and configurations you selected during the profile creation process.


Allow Entra Password Reset Policy Creation Status

After clicking the Create button, a pop-up notification will appear with the message “Policy Entra password reset created successfully.” The screenshot below shows more details.


Monitor the Device and User Check-in Status

You can see that the Allow Entra Password Reset policy has been created successfully, with 1 instance marked as succeeded. The screenshot below shows more details.


End User Experience – Client Side Verification – Allow Entra Password Reset Policy

You can check the Event Viewer logs to confirm if the Allow Entra Password Reset policy is enforced on Windows 10 or 11 devices managed by Intune. Look for Event IDs 813 and 814 to verify that the policy has been applied correctly.

  • Go to Event Viewer > Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.

MDM PolicyManager: Set policy int, Policy: (AllowAadPasswordReset), Area: (Authentication), EnrollmentID requesting merge: (B1E9301C-8666-412A-BA2F-3BF8A55BFA62), Current User: (Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).
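The same check can be scripted instead of read by eye in Event Viewer. The following PowerShell is an added example, not code from the original post: it parses "Set policy int" messages like the one above and reports whether AllowAadPasswordReset was last set to 1 or 0. The function names are hypothetical, and the sample message is the log excerpt shown on this page.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$LogName  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$EventIds = 813, 814   # Event IDs named in the article

function ConvertFrom-PolicyMessage {
    param([string]$Message)
    # Event text may wrap across lines; collapse whitespace before matching.
    $flat = $Message -replace '\s+', ' '
    $pattern = 'Policy: \((?<Policy>[^)]+)\), Area: \((?<Area>[^)]+)\),.*?' +
               'Current User: \((?<User>[^)]+)\), Int: \((?<Int>0x[0-9A-Fa-f]+)\)'
    if ($flat -notmatch $pattern) { return $null }
    [pscustomobject]@{
        Area   = $Matches['Area']
        Policy = $Matches['Policy']
        User   = $Matches['User']
        Value  = [Convert]::ToInt32($Matches['Int'], 16)   # "0x1" -> 1
    }
}

function Get-AadPasswordResetState {
    param([string[]]$Messages)
    $hits = foreach ($m in $Messages) {
        $p = ConvertFrom-PolicyMessage -Message $m
        if ($p -and $p.Area -eq 'Authentication' -and
            $p.Policy -eq 'AllowAadPasswordReset') { $p }
    }
    if (-not $hits) { return 'NotFound' }
    # Get-WinEvent returns newest events first, so the first hit is the latest.
    $latest = @($hits)[0]
    if ($latest.Value -eq 1) { 'Allowed' } else { 'NotAllowed' }
}

# Offline check against the message shown in this article.
$sample = 'MDM PolicyManager: Set policy int, Policy: (AllowAadPasswordReset), ' +
          'Area: (Authentication), EnrollmentID requesting merge: ' +
          '(B1E9301C-8666-412A-BA2F-3BF8A55BFA62), Current User: (Device), ' +
          'Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).'
Get-AadPasswordResetState -Messages $sample

# Live check on a managed device (run elevated).
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $EventIds } `
                       -ErrorAction SilentlyContinue
Get-AadPasswordResetState -Messages $events.Message
```

A result of NotFound on a device that should be in scope means the policy has not been delivered yet, so check the profile assignment and the device's last check-in before anything else.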



Resources

Authentication Policy CSP | Microsoft Learn

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22 years of experience in Workplace technologies. He is also a Blogger, Speaker, and leader of the Local User Group Community. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
