Ensure the self-service password reset activity report is reviewed at least weekly
Why This Matters
The self-service password reset (SSPR) feature in Microsoft Entra ID allows users to reset forgotten passwords without administrator intervention. While this improves productivity, attackers who compromise an account often change its password to lock out the legitimate owner and maintain access. Reviewing SSPR activity at least weekly helps detect unauthorized password changes early, reducing the risk of account takeover.
What Aether365 Checks
This check verifies that the SSPR activity report has been reviewed at least once within the past seven days. It appears in the Aether365 dashboard under the entra-id checks section as ENTRA.1159.