More Windows 10 1803! Password reset directly from the login screen of Windows 10 has been possible since Windows 10 1709, but only in a cloud-only scenario. This changed with 1803, and users having a hybrid Azure AD environment, are now able to offer this service to their users as well. (assuming they roll on the latest and greatest Windows 10 version). This guide explains what’s required in a Hybrid environment and how to leverage Configuration Manager to apply the proper configuration on the client.
For this to work, there are a few prerequisites:
- Windows 10 1803 or newer
- Password writeback enabled in Azure AD Connect
- Proper permissions in on-premise AD for the AAD Connect account
- Password reset enabled in Azure AD
- Enable password reset on the 1803 clients (in this scenario through ConfigMgr)