Ensure that Microsoft Entra ID global administrators receive emails on their primary email address notifying them when other administrators reset their password using the Microsoft Entra ID Self-Service Password Reset (SSPR) portal. When "Notify all admins when other admins reset their password?" setting is set to "Yes", all Microsoft Entra ID administrators receive emails notifications alerting them that another administrator has changed their password via the SSPR.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Security When Microsoft Entra ID detects password reset activity for admin users, email notifications are sent to all administrators to make sure that these privileged users can passively confirm if such a reset is a common pattern within their group. For example, if your organization password policy requires to change all administrator passwords every 30 days, any password reset activity detected before that may require administrator(s) to evaluate it as unusual activity and confirm its origin in order to ensure that the reset action is authorized.
Audit
To determine if Microsoft Entra ID administrators are notified on password resets, perform the following actions:
Note: Getting the email alert configuration for Microsoft Entra ID admin password resets using Microsoft Graph API or Azure CLI is not currently supported.Remediation / Resolution
To enable notification alerts for Microsoft Entra ID administrator password resets, perform the following actions:
References
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Notify All Admins When Other Admins Reset Their Password
Risk Level: High