Mindcore Tech and SSPR follow-up

Yesterday at our Mindcore Tech meeting, one of our test sceneries did not work as expected.

We did not get the reset password option on the Windows 10 insider build.

http://blog.mindcore.dk/2019/03/azure-ad-password-reset-on-login-screen.html

The reason behind was “just” some missing configuration in the lab we build during the meeting

In order to use  SSPR from the Windows 10 login page the computer must be Azure AD joined or Hybrid Azure AD joined, and our test computer was neither.

No SCP (service connection point) was created and the computer was in an OU not getting synchronized by Azure AD connect.

So first I moved the computer to the correct OU and setup SCP as shown here:

SCP in AD:

After some time status on the client changed:

And the required certificates gets inserted in the local computer certificate store:

And just like magic

Thanks  to all of you joining the Mindcore Tech meeting, and see you all next time

Lars Lohmann

+ posts

• Cross-tenant access with Azure AD External Identities
• Non-Destructive PIN reset
• Windows Hello for Business Cloud Trust
• SharePoint integration with Azure AD B2B