In this blog post, we will cover the steps to enable the Windows 10 Password Reset feature for SSPR (Self Service Password Reset) For more information you can visit the docs.microsoft link [Here]
NOTE: For this to work you will have already needed to have set up Self Service Password Reset [Setup Here]
Windows 10 Pre Configuration Requirements
Creating the Intune Device Configuration Profile
From the Endpoint Manager portal [https://endpoint.microsoft.com/], You will want to create a new device configuration profile by going to Device configuration > Profiles, then select + Create Profile.
Define the Policy Name.
Under the Configuration Settings:
Select Add and provide the following OMA-URI setting to enable the reset password link: Provide a meaningful name to explain what the setting is doing, such as Add SSPR link. Optionally provide a meaningful description of the setting. OMA-URI set to ./Vendor/MSFT/Policy/Config/Authentication/AllowAadPasswordReset Data type set to Integer Value set to 1
For Assignments, As we want this to apply globally to all devices we can choose the “All Devices” Group.
You can configure the Applicability Rules as you need, For this example I left them blank.
Testing Self Service Policy
From the Windows 10 Logon Screen we can now see a “Reset Password” option.
Clicking on the Reset Password, Starts the recovery process.
Next we can choose the recovery method, Emails, SMS.
Enter the recovery code.
Enter a new password.
Password Reset Complete.