Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
218
Views
0
Helpful
1
Replies

Duo Authentication for Windows Logon with MS Reset Password

BrianCK
Level 1
Level 1

‎02-12-2025 01:46 PM

Just wondering if anyone has gotten the Microsoft "Reset Password" option working at the Windows 10/11 logon page (used for self-service password reset), when the Duo Authentication for Windows Logon (v4.3.0) is installed?

BrianCK_3-1739396729719.png

This Duo article (Can I enable other credential providers after installing Duo Authentication for Windows Logon?) mentions to add a registry setting to whitelist the GUID of the credential provider, but it does not seem to work until after logging in with Duo MFA.  Based on the list of credential providers (What Credential Provider settings are added to the Windows Registry after installing Duo for Windows Logon?), I used the Windows 10 PasswordProvider\LogonPasswordReset GUID, {8841d728-1a76-4682-bb6f-a9ea53b4b3ba}.  Unless it's not that one?

I added that GUID to ProvidersWhitelist under HKLM\SOFTWARE\Duo Security\DuoCredProv per the Duo article.

BrianCK_1-1739396557125.png

After a reboot, when I use the "Reset Password" on the Windows logon screen, it doesn't do anything.  If I then enter my password like normal, it says I need to be enrolled in Duo.  After clicking OK and typing my password (without choosing Reset Password), like I normally would, I get prompted for Duo MFA and then it goes to the MS reset password option before logging onto the workstation.

BrianCK_2-1739396665500.png

Is there anyway to get it to go to the reset password without having the correct pwd?  That is the point of the MS Reset Password.

 

Labels:
0 Helpful
1 Reply 1

BrianCK
Level 1
Level 1

‎02-24-2025 11:19 AM - edited ‎02-24-2025 11:23 AM

I submitted this to support, and the response is that SSPR at Windows Logon is not yet available.

The product team is still working with Microsoft to be able to chain Duo with the SSPR feature. I have already added you to this feature request.

Feature requests are prioritized in accordance with a number of factors, such as security enhancement, bug fixes, customer demand, and alignment with our product roadmap. While an exact ETA will not be available due to these priorities changing periodically, rest assured that your feedback is important to us, and we are continually working to improve and enrich the product.

The best way to be updated on the delivery of any feature is to subscribe to our Release Notes in the Community. Here’s how to do that:
https://duo.com/release-notes

This is a fairly important feature to allow users to use SSPR at Windows Logon so hopefully this gets fixed soon. 

For now, our hybrid env users will have to use a mobile device or another computer with access to an Internet browser to get to the MS SSPR URL (Microsoft Online Password Reset) and change from the cloud.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents