Users who are not registered with Password Manager may need to unlock their AD accounts prior to registration.
The default “Unlock My Account” workflow requires the user to answer questions from their Q&A profile. This requirement needs to be removed, since an unregistered user does not have a Q&A profile set up. However, once it is removed, the user no longer has to authenticate before their account is unlocked, which could be a potential security issue.
Therefore, it is recommended to replace the requirement to authenticate with the user’s Q&A profile with a requirement to authenticate via phone, with Defender, with a password or with a passcode.
For the purpose of this KB article, “Authenticate via phone” will be used.
Navigate to the PMAdmin | Home | <Management Policy>
At this point the workflow is updated.
To make the workflow visible to unregistered users.
Test that the new workflow behaves as expected.