In environments where Microsoft Entra ID SSPR is configured, Windows endpoints display a "Reset Password" link at the logon screen. On machines without the Defender Desktop/GINA client, clicking this link launches the Entra SSPR portal in a separate window, allowing users to verify their identity and reset their password independently.
After installing the Defender Desktop/GINA client, the link remains visible at the logon screen but produces no response when clicked. No error message or popup is displayed. This behavior is consistent across all users on Defender-protected endpoints, regardless of domain, and affects environments with Entra ID using Microsoft Entra Connect (formerly Azure AD Connect), including configurations with password writeback enabled.
Changing the Credential Provider Filter setting in GINA Configuration (Options tab) to "Allow all Credential Providers" does not restore the Reset Password link functionality and may instead cause the link to disappear entirely from the logon screen.
Enabling LDAPS (port 636) on the Defender Security Server, as described in KB 4263675, addresses Defender's own lock-screen password reset flow against Active Directory but does not affect the Entra SSPR integration, as these are two separate workflows.
The Defender Desktop Login client replaces the default Windows credential provider with a Defender Credential Provider. In doing so, it does not pass through or invoke the Windows/Entra "Reset Password" handler that the native Windows credential provider would normally trigger. There is currently no integration between the Defender GINA and the Microsoft Entra SSPR flow.
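To confirm that an endpoint matches the condition described above, the following read-only PowerShell check lists the credential providers and credential provider filters registered with Windows and reads the policy value that enables the Reset Password link at the sign-in screen. It is an added example, not One Identity or Microsoft code. The registry locations are the standard Windows ones, and the "outside System32" test is only a heuristic assumed here to separate built-in components from add-ons; it does not identify the Defender provider by name.

```powershell
# Added example (read-only): list registered credential providers/filters and the SSPR logon policy.
$auth = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'
$sys  = Join-Path $env:SystemRoot 'System32'

function Get-RegisteredClsid {
    param([string]$SubKey, [string]$Kind)
    $path = Join-Path $auth $SubKey
    if (-not (Test-Path -LiteralPath $path)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $path) {
        $clsid  = $key.PSChildName
        # The implementing DLL comes from the COM registration of the CLSID.
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) { $dll = (Get-Item -LiteralPath $inproc).GetValue('') }
        [pscustomobject]@{
            Kind       = $Kind
            Name       = $key.GetValue('')      # friendly name = default value of the key
            Clsid      = $clsid
            Dll        = $dll
            # Heuristic (assumption): bare file names and System32 paths are treated as built-in.
            InSystem32 = [bool]($dll -and ($dll -notmatch '[\\/]' -or
                         $dll.StartsWith($sys, [StringComparison]::OrdinalIgnoreCase)))
        }
    }
}

$items = @(Get-RegisteredClsid 'Credential Providers' 'Provider') +
         @(Get-RegisteredClsid 'Credential Provider Filters' 'Filter')

# Policy value that enables the Reset Password link at the Windows sign-in screen.
# Assumption: the setting was deployed as this registry policy; other delivery
# methods may store it elsewhere, so a missing value only means "not set in this key".
$ssprKey = 'HKLM:\SOFTWARE\Policies\Microsoft\AzureADAccount'
$sspr = (Get-ItemProperty -LiteralPath $ssprKey -Name AllowPasswordReset -ErrorAction SilentlyContinue).AllowPasswordReset

$items | Sort-Object Kind, Name | Format-Table Kind, Name, InSystem32, Dll -AutoSize | Out-String
"AllowPasswordReset = $(if ($null -eq $sspr) { 'not set' } else { $sspr })"

$extra = @($items | Where-Object { $_.Kind -eq 'Filter' -and -not $_.InSystem32 })
if ($sspr -eq 1 -and $extra.Count -gt 0) {
    'SSPR link is enabled and a credential provider filter outside System32 is registered:'
    $extra | ForEach-Object { "  $($_.Clsid)  $($_.Name)  $($_.Dll)" }
}
```

Review the full table rather than relying on the final summary alone, since a third-party provider whose DLL is installed under System32 will not be flagged by the heuristic.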
STATUS:
Enhancement request #706822 has been raised for consideration, subject to approval by Defender Product Management.
WORKAROUND:
There is currently no configuration or workaround within Defender that restores the Entra SSPR link behavior at the Windows logon screen.
https://aka.ms/sspr) before expiry.