How can we improve Azure Active Directory?

Granular options for Self Service Password Reset Factors

It would be nice to be able to configure self service password reset MFA with as much granularity as application MFA policies.

1) Restrict what factors you can use based on trusted device, network location, etc.

2) Specify different policies for different user groups. For example, administrative users who are not AAD administrators.

3) Restrict by domain and have different rules per domains syncing up to the same tenant.

17 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Andy Sutton shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • JasonR commented  ·   ·  Flag as inappropriate

    I'll add my vote to #2 - different factors allowed for different groups (ie privileged users & end-users). I see there are a few separate entries in Uservoice for #1 - restricting ability to register for MFA from external networks

Feedback and Knowledge Base