Granular options for Self Service Password Reset Factors
It would be nice to be able to configure self service password reset MFA with as much granularity as application MFA policies.
1) Restrict what factors you can use based on trusted device, network location, etc.
2) Specify different policies for different user groups. For example, administrative users who are not AAD administrators.
3) Restrict by domain and have different rules per domains syncing up to the same tenant.
We are currently working to address #2 – granular controls for which group of users can use which methods. We’ll keep you up to date as we make progress. Thanks!
I'll add my vote to #2 - different factors allowed for different groups (ie privileged users & end-users). I see there are a few separate entries in Uservoice for #1 - restricting ability to register for MFA from external networks
Thank you Azure team!