Ensure that Active Directory users receive emails on their primary and alternate email addresses notifying them when their own password has been reset through the Azure AD Self-Service Password Reset (SSPR) portal.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Email notifications for Azure AD user password resets are a passive way of confirming password reset activity. This method helps you and other users within your organization to recognize unauthorized password resets. Once the "Notify users on password resets" feature is enabled, all Active Directory users who reset their password receive an email notifying them that their password has been changed.
Audit
To determine if the "Notify users on password resets" feature is enabled in the Active Directory SSPR portal, perform the following actions:
Note: Retrieving email notifications configuration for Active Directory user password resets using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To enable email notifications for Active Directory (AD) user password resets using the Azure Self-Service Password Reset (SSPR) portal, perform the following actions:
Note: Enabling notification alerts for AD user password resets using Microsoft Graph API or Azure CLI is not currently supported.
You are auditing:
Enable Notifications for User Password Resets
Risk level: Medium