Default Authorization Settings - Self-service password reset enabled for administrators
Why This Matters
Administrator accounts are high-value targets for attackers. When self-service password reset (SSPR) is enabled for administrators, an attacker who compromises the authentication methods registered for an admin account (for example its phone number or e-mail) can use the reset flow to set a new password and take over the account. Administrators holding sensitive roles should rely on phishing-resistant authentication methods rather than self-service password resets to reduce the risk of account takeover.
What Aether365 Checks
Aether365 verifies that the allowedToUseSSPR setting in the Entra ID authorization policy is set to false. This check appears in the Aether365 dashboard under the entra-id section.
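The check as an added example, not Aether365's own code: it evaluates the allowedToUseSSPR property of a Microsoft Graph authorizationPolicy object (the sample response below is constructed and trimmed to the relevant fields, and the response shape is assumed from the Graph API) and treats a missing or non-boolean value as a failure rather than a pass.

```python
import json

# Constructed sample of a GET /policies/authorizationPolicy response,
# reduced to the fields relevant to this check (assumed shape).
SAMPLE_POLICY = json.dumps({
    "id": "authorizationPolicy",
    "displayName": "Authorization Policy",
    "allowedToUseSSPR": True,
})


def remediation_patch_body() -> str:
    """JSON body for PATCH /policies/authorizationPolicy that disables admin SSPR."""
    return json.dumps({"allowedToUseSSPR": False})


def evaluate_admin_sspr(policy_json: str) -> dict:
    """Return a finding for the allowedToUseSSPR setting.

    The check passes only when the property is present and explicitly false.
    A missing or non-boolean value is reported as a failure: silently passing
    on a policy we could not interpret would hide a misconfiguration.
    """
    policy = json.loads(policy_json)
    value = policy.get("allowedToUseSSPR")
    finding = {"check": "allowedToUseSSPR", "expected": False, "value": value}
    if value is False:
        finding["status"] = "pass"
        return finding
    if isinstance(value, bool):
        finding["reason"] = "self-service password reset is enabled for administrators"
    else:
        finding["reason"] = "allowedToUseSSPR is missing or not a boolean"
    finding["status"] = "fail"
    finding["remediation"] = remediation_patch_body()
    return finding


def is_compliant(policy_json: str) -> bool:
    """True only when the policy explicitly disables SSPR for administrators."""
    return evaluate_admin_sspr(policy_json)["status"] == "pass"


if __name__ == "__main__":
    print(json.dumps(evaluate_admin_sspr(SAMPLE_POLICY), indent=2))
```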
How to Fix
To disable SSPR for administrators in your tenant: