Does this affect AD groups?
--> In case MPR is enabled: the device works normally; auto SM, password sync, C/R at BL successful.
--> In case MPR is not configured (default): the device does not auto SM; entering the password is required (SD-47592); C/R at BL successful.
I also found a new issue: SD-51924: Password Sync does not work after AD user changes Windows password
Does this affect work groups? (local user)
--> In case MPR is enabled: the device works normally; auto SM, password sync, C/R at BL successful.
--> In case MPR is not configured (default): the device does not auto SM; entering the password is required (SD-47592); password sync, C/R at BL successful.
What functions of SecureDoc is this affecting?
--> This affects Password Sync; refer to these related issues:
SD-47592: Auto SM does not work on Windows 11 24-H2 Insider Preview (26085.1)
SD-48087: 128683 - Password sync issues with v9.0 SR1
What happens if MPR Notifications are disabled / unconfigured?
--> Auto SM does not work on Windows 11 24H2 (SD-47592: Auto SM does not work on Windows 11 24-H2 Insider Preview (26085.1)), and the SD MPR notification shows when deployed on Windows 11 (SD-50039: "Enable MPR notification..." pop-up should show when deploying SD on Windows 11 24H2 with the policy "Configure the transmission of the user's password in the content of MPR notifications sent by winlogon" Disabled).
Why, what, where, how, risk assessment? (Link to Microsoft article)
--> About the MPR notification: WindowsLogon Policy CSP
--> Deprecated features in the Windows client: Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in NPLogonNotify and NPPasswordChangeNotify APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the EnableMPRNotifications policy to enabled.
As of what version of SecureDoc do I not need to configure this?
--> We must configure this with SD versions < 9.2 SR1; from 9.2 SR1 the SD MPR notification will be removed and there will be an option “Transparently substitute native Windows Logon UI for SecureDoc password sync” (SD-51684: Remove annoying MPR notification for Win11).
Will this ever be fixed?
--> We need the dev team to confirm if the issue can be fixed in a newer version; for now, the solution is to ask the admin to configure the GPO/registry as stated in the KB.
--> Starting from 9.2 SR1, the SD MPR notification will be removed, and a new option will be available in the profile: 'Transparently substitute native Windows Logon UI for SecureDoc password sync'. Refer to SD-51684: Remove annoying MPR notification for Win11.
Info: “Auto SM” stands for “Secure moment” (the deploy state is 'Deployed' and user owner is "Yes").
Plaintext for customers:
Frequently asked questions about MPR, password sync, safe moment
Does this affect AD groups?
--> In case MPR is enabled: the device works normally; auto SM, password sync, C/R at BL successful.
--> In case MPR is not configured (default): the device does not auto SM; entering the password is required; C/R at BL successful.
“Auto SM” stands for “Secure moment” (the deploy state is 'Deployed' and user owner is "Yes").
Does this affect work groups? (local user)
--> In case MPR is enabled: the device works normally; auto SM, password sync, C/R at BL successful.
--> In case MPR is not configured (default): the device does not auto SM; entering the password is required; password sync, C/R at BL successful.
“Auto SM” stands for “Secure moment” (the deploy state is 'Deployed' and user owner is "Yes").
What functions of SecureDoc is this affecting?
--> This affects Password Sync.
What happens if MPR Notifications are disabled / unconfigured?
--> Auto SM does not work on Windows 11 24H2.
“Auto SM” stands for “Secure moment” (the deploy state is 'Deployed' and user owner is "Yes").
Why, what, where, how, risk assessment? (Link to Microsoft article)
--> About the MPR notification : WindowsLogon Policy CSP https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications
--> Deprecated features in the Windows client Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in NPLogonNotify and NPPasswordChangeNotify APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a user's password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the EnableMPRNotifications policy to enabled.
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
https://learn.microsoft.com/en-us/windows/win32/api/npapi/nf-npapi-nplogonnotify
https://learn.microsoft.com/en-us/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify
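A read-only check an admin can run on an endpoint to see which of the cases above applies, added here as an example and not taken from WinMagic or Microsoft. It reads the `EnableMPR` registry value that the `EnableMPRNotifications` policy maps to in the linked Policy CSP article and lists the network providers registered to receive the notifications; the function names and the 26100 threshold (the Windows 11 24H2 release build) are this example's assumptions.

```powershell
# Added example, read-only. Run elevated on the endpoint being checked.
# Policy location = ADMX mapping of EnableMPRNotifications (WinLogon.admx).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$OrderKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
$Build24H2 = 26100   # assumption: 24H2 release build; Insider 26085.1 already showed the issue

function Get-MprPolicyState {
    $build = [Environment]::OSVersion.Version.Build
    $raw   = (Get-ItemProperty -Path $PolicyKey -Name 'EnableMPR' -ErrorAction SilentlyContinue).EnableMPR

    if     ($null -eq $raw) { $state = 'NotConfigured' }
    elseif ($raw -eq 1)     { $state = 'Enabled' }
    else                    { $state = 'Disabled' }

    # The password is in the notification when the policy is enabled, or when it
    # is not configured on a build older than 24H2 (where sending was the default).
    $sent = ($state -eq 'Enabled') -or ($state -eq 'NotConfigured' -and $build -lt $Build24H2)

    [pscustomobject]@{
        OSBuild             = $build
        EnableMPRPolicy     = $state
        PasswordInMprNotify = $sent
    }
}

function Get-MprNetworkProvider {
    # Providers in ProviderOrder are the DLLs winlogon can call through
    # NPLogonNotify / NPPasswordChangeNotify; review any entry you do not recognise.
    $order = (Get-ItemProperty -Path $OrderKey -Name 'ProviderOrder').ProviderOrder
    foreach ($name in ($order -split ',' | Where-Object { $_.Trim() })) {
        $svc = "HKLM:\SYSTEM\CurrentControlSet\Services\$($name.Trim())\NetworkProvider"
        $np  = Get-ItemProperty -Path $svc -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Provider          = $name.Trim()
            Dll               = $np.ProviderPath
            CredentialManager = (($np.Class -band 2) -ne 0)   # WN_CREDENTIAL_CLASS bit
            KeyPresent        = [bool]$np
        }
    }
}

Get-MprPolicyState     | Format-List
Get-MprNetworkProvider | Format-Table -AutoSize
```

`PasswordInMprNotify = False` on a 24H2 device corresponds to the "MPR not configured (default)" case described above.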
As of what version of SecureDoc do I not need to configure this?
On any current version it is needed.
Will this ever be fixed?
TBD