You need to do two things: make sure the account is excluded from the "standard" SSPR policy and toggle off the SSPR requirement for admins. The latter is done by toggling the allowedToUseSSPR setting (which is specific to admins) on the authorization policy: https://learn.microsoft.com/en-us/graph/api/resources/authorizationpolicy?view=graph-rest-1.0 Unfortunately, this does affect all admin accounts.
How to disabled SSPR for Breakglass accounts when SSPR is required for admin role?
Hello. I am trying to setup Breakglass accounts per MS instructions however, I am confused.
One section says that I should ensure the accounts do not have SSPR enabled but it appears to be enabled by default for administrators via notice showing on Password Reset policy. Is this because I have not fully transitioned to using the new authentication methods policy or authentication strengths policy?
I don't have an option where the AI generated instructions say to "Create new policy" - I am a Global Admin.
2 answers
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
-