Granular options for Self Service Password Reset Factors
It would be nice to be able to configure self service password reset MFA with as much granularity as application MFA policies.
1) Restrict what factors you can use based on trusted device, network location, etc.
2) Specify different policies for different user groups. For example, administrative users who are not AAD administrators.
3) Restrict by domain and have different rules per domains syncing up to the same tenant.
We are currently working to address #2 – granular controls for which group of users can use which methods. We’ll keep you up to date as we make progress. Thanks!
Thank you Azure team!