
Ensure That 'Number of methods required to reset' is set to '2'

Why This Matters

Requiring only one authentication method for password reset creates a significant security gap. If an attacker compromises a single method, such as a phone or email account, they can maliciously reset the user's password and gain unauthorized access. By mandating two distinct methods, you force an attacker to compromise multiple layers of identity verification, which dramatically reduces the risk of account takeover.

What Aether365 Checks

Aether365 verifies that the "Number of methods required to reset" setting in Microsoft Entra ID is configured to require two authentication methods for self-service password reset (SSPR). This check appears in your Aether365 dashboard under the entra-id checks category.

Microsoft references
