Dynamic Feedback UI for Entra ID

Organizations managing user devices through the cloud-based Microsoft Intune and Entra ID systems (i.e. not on-prem Active Directory) can present the Dynamic Feedback UI at password change to their users using an add-on. This is possible even though user's devices are not joined to the domain.

The add-on leverages functionality in the Specops Authentication platform to present the Dynamic Feedback UI via a web browser. Users can securely verify themselves using a Trusted Network Location and One-Time Password (OTP) sent via SMS or Corporate Email, followed by their password, after which they can change their password aided by the Dymaic Feedback UI using the traffic light system. In order to set this up, administrators will have to download and set up a Gatekeeper and configure settings in Authentication Web, as well as configure Intune. Please speak to your account manager to enable the add-on.

Basic configuration

  1. Make sure you've installed the Gatekeeper Administration Tool, and have set up the Gatekeeper correctly. Optionally, also install the Specops Client. For more information on the installation process, please refer to the uReset installation instructions.
  2. In Specops Authentication Web, go to Policies in the left navigation, then click the Configure button in the Admin section and configure an admin policy to include one or more of the following identity services:
    NOTE
    More identity services can be added, depending on your package. Please contact your account manager for more information.

    More information on Administrator enrollment can be found here.

  3. In Specops Authentication Web, go to uReset in the left navigation, then click the Change Password tab. Click on Edit Authentication Rules. There, configure a change password policy to include one or more of the following identity services:
    NOTE
    More identity services can be added, depending on your package. Please contact your account manager for more information.
  4. Deploy the Specops Client using Intune.
    NOTE
    This requires using the Specops Authentication Entra ID ADMX templates. More information on the ADMX templates can be found here.
  5. Create an Intune Configuration policy that disables the “Change Password” option in the ctrl-alt-del menu and enables the Specops Change Password shortcut in the start menu.
NOTE
The add-on can be used without the Specops Client by deploying a "Change Password" shortcut directly to the desktop.