Hi @EnterpriseArchitect • Thank you for reaching out.
As of now the only option to configure which users can reset their passwords using Azure, is available under Azure Active Directory > Password Reset > Properties:
Here you can either select All Users / Specific Azure AD Group (either synced or cloud-only) / None. You cannot control SSPR on the basis of OU or users' attribute(s)
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.