Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming



This step by step tutorial will take you through how to configure your Company Branding in Intune / Endpoint Manager.

It will also take you step by step through configuring Self Service Password Reset (SSPR) and how to enable Enterprise State Roaming.

This is Part 2 of a 13 part series.

=====================================================================

Welcome to part 2 of my thirteen part series of tutorials taking you step by step through configuring Microsoft Endpoint Manager / Intune, from initial DNS config up to Autopilot and application deployment. This series gives you all the knowledge you need to successfully deploy a basic Intune / Endpoint Manager environment.

Initial Tenant and Intune Configuration
1. Configure DNS and CNAME - Link
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming - Link - This Tutorial 
3. Enable Conditional Access and MFA (Multi factor authentication) - Link
4. Configure Conditional Access Terms of Use - Link
5. Company Terms and Conditions - Link 
6. User and Device Groups, and Device Categories - Link
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment - Link
7a. More information regarding options for configuring the MDM and MAM user scopes - Link 
8. Enrollment Status Page - Link
9. Enrollment Restrictions - Link
10. Deploying Microsoft 365 apps (Office apps) - Link
11. Enable Microsoft Store for Business and publish the Company Portal app - Link
12. Assign Company Portal app - Link 
13. Test autopilot via register online - Link

If you don't have a test environment for Intune / Endpoint Manager, just follow this guide on How to get a Free Developer Tenant with 25 x E5 licenses and a free Top Level domain name - Link

=====================================================================

2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming

Company Branding is absolutely critical to the successful implementation of autopilot, and autopilot will actually fail if Company Branding is not configured correctly.
Check out this link to review the Windows Autopilot configuration requirements - Link

But of course, it also improves the user experience and looks good too!

======================================================================

How to configure your Intune Company Branding -

Log into the Azure Active Directory Portal - https://aad.portal.azure.com/
Select - Azure Active Directory



Company Branding

Configure

Upload a company image -
Note the image sizes and types (the Banner logo must be transparent)

Upload the sign-in page background and Banner logo
Update the Sign-In page text

Note the user experience at the Sign-in screen
The Banner logo must be a transparent image (PNG gives a smaller image size); it appears at the top.
The Sign-in page text appears at the bottom

Note -
You can edit the company branding by going to the same area.
You can then use advanced settings to customise the Sign-in page background colour and other options.

===============================================================

Now update the Company Branding for Autopilot -

This can be edited in Azure Active Directory.

Log in to Azure AD - Properties

Currently, the Name is intuneadminblog, which is the tenant name (intuneadminblog.onmicrosoft.com)

Change the name and save


===============================================================

User Experience during Autopilot
Note the sign-in page text is displayed on the Autopilot sign-in page during the OOBE initial boot.

The Autopilot experience will now display the updated user friendly Tenant Company name
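
To confirm that the branding and tenant name set in the steps above have taken effect before testing Autopilot, the check below reads them back through Microsoft Graph. It is an added example, not part of the original tutorial, and assumes the Microsoft.Graph.Authentication PowerShell module is installed and the signed-in account can consent to Organization.Read.All; the check labels are illustrative.

```powershell
# Added example: read back company branding and tenant name via Microsoft Graph.
# Assumption: Microsoft.Graph.Authentication is installed (Install-Module Microsoft.Graph.Authentication).
Connect-MgGraph -Scopes 'Organization.Read.All'

$graph = 'https://graph.microsoft.com/v1.0'

# Tenant record: displayName is the name shown during the Autopilot OOBE sign-in.
$org = (Invoke-MgGraphRequest -Method GET -Uri "$graph/organization").value[0]

# Initial domain, e.g. <tenant>.onmicrosoft.com; its prefix is the name the
# tutorial's tenant carried before it was renamed.
$initialDomain = ($org.verifiedDomains | Where-Object { $_.isInitial }).name
$prefix = $initialDomain -replace '\.onmicrosoft\.com$', ''

# The default branding object is returned when Accept-Language is 0.
# Graph answers 404 when no default branding has been configured.
$branding = $null
try {
    $branding = Invoke-MgGraphRequest -Method GET `
        -Uri "$graph/organization/$($org.id)/branding" `
        -Headers @{ 'Accept-Language' = '0' }
}
catch {
    Write-Warning "No default company branding returned: $($_.Exception.Message)"
}

# Each entry is $true when the corresponding tutorial step has been completed.
$checks = [ordered]@{
    'Tenant name differs from initial domain prefix' = ($org.displayName -ne $prefix)
    'Default branding object exists'                 = ($null -ne $branding)
    'Sign-in page text set'                          = -not [string]::IsNullOrWhiteSpace($branding.signInPageText)
    'Banner logo uploaded'                           = -not [string]::IsNullOrWhiteSpace($branding.bannerLogoRelativeUrl)
    'Sign-in background uploaded'                    = -not [string]::IsNullOrWhiteSpace($branding.backgroundImageRelativeUrl)
}

Write-Output "Tenant display name: $($org.displayName)"
foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK     ' } else { 'MISSING' }
    Write-Output "$state  $name"
}

Disconnect-MgGraph | Out-Null
```

Any line reported as MISSING points back to the matching step in the Company Branding or Azure AD Properties sections above.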

======================================================================

Enable Enterprise State Roaming -

Azure AD - Devices -


Enterprise State Roaming -
Select - All
Save



======================================================================

Self Service Password Reset -

Note - Clients can reset their password at - https://aka.ms/sspr  
This process is for configuring SSPR - Self Service Password Reset for Cloud Only tenants (No local AD - Hybrid or Azure AD Connect)

Azure AD admin centre -
Password Reset

Select - All - Save   (Choose selected if you are testing to a targeted group only)


Select authentication methods and registration options Link
While in Password Reset 

Select Authentication methods


Set the number of methods to reset to 1

Choose the Methods available to users that your organization wants to allow.

Note that Mobile App Notification is available

Select the options - 
- Mobile app code
- Email
- Mobile phone (SMS only)

Save - 
============================================================================
Registration -
Prompt for end user registration details
Note - Either administrators or end users themselves can register for SSPR.

Ensure the settings are as follows (these are the defaults) -
- Require registration - Yes
- Number of days - 180


==========================================================
Notifications -
Set user and admin notifications to Yes - Save


===========================================================
Customization - 
Select Yes to customise the helpdesk URL
Enter the appropriate URL for your Helpdesk -

Save

==============================================================================


To see the manual registration process, open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/ssprsetup. Users should be directed to this registration portal when they next sign-in.

Sign in with a non-administrator test user, such as testuser, and register your authentication method contact information.

Once complete, select the button marked Looks good and close the browser window.

Open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/sspr.

Enter your non-administrator test user's account information, such as testuser, the characters from the CAPTCHA, and then select Next.

Enter user account information to reset the password


Follow the verification steps to reset your password. When complete, you should receive an e-mail notification that your password was reset.

===============================================================


 

About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.

You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/ 
GitHub Repository - https://github.com/TeamTerry
