Applies to: Nerdio for Azure (NFA) AVD
This article is intended for partners looking to afford Self Service Password Reset (SSPR) in AVD environments (if the environment is RDS - this article does not apply - click here). It is required to have a proper implementation and understanding of MFA in a Nerdio environment prior to enabling writeback functionality.
By default Nerdio orchestrates an environment that includes a domain controller. The domain controller, DC01, has the role of running ADConnect which provides synchronization to Microsoft Entra ID for managed domains. In order to allow for SSPR writeback functionality needs to be enabled for both the AD and Entra ID. This feature is something that can be enabled and modified by the partner to achieve SSPR. Nerdio, by default, does not support or have writeback functionality enabled.
Licensing
In order to allow for SSPR, a minimum license of Microsoft Entra ID Premium P1 or Microsoft Entra ID P2 is required. Those entitlements can be licensed per user and are a good compliment with AVD environments and the use of M365 E3 or E5 which include a P1 or P2 entitlement. M365 Business will require the minimum purchase of a P1 license to allow for SSPR.
Enabling Writeback functionality
The following documentation from Microsoft will enable and allow for the set and configuration of writeback functionality between Microsoft Entra Connect and Microsoft Entra ID.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-writeback
User Registration
Once configured, users will need to register their method for SSPR. The link is a guide from Microsoft explaining registration and the methods available to end users.
It is also possible to have users pre-registered by partners in order to limit end user engagement. The following link from Microsoft will provided instructions to pre-register users with the minimum required user information.
Comments (0 comments)