Share via

Azure SSPR

Anonymous
2024-04-12T11:09:54.8266667+00:00

Good day may I ask why Global Administrators are not allowed to use SSPR

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 68,300 Reputation points MVP Volunteer Moderator
    2024-04-12T11:33:54.5666667+00:00

    That's not the case. As a matter of fact, you cannot block Global Admins from using SSPR

    https://learn.microsoft.com/en-us/answers/questions/765465/disable-sspr-for-indiviaul-admin-accounts

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments
  2. Gudivada Adi Navya Sri 21,080 Reputation points Moderator
    2024-04-16T07:12:25.8+00:00

    Hi @Kim Marion Maquiling

    Thank you for posting this in Microsoft Q&A.

    I understand your question as to why Global Administrators are not allowed to use SSPR (Self-Service Password Reset) in Microsoft Entra Id.

    By default, Global Administrators are allowed to use SSPR (Self-Service Password Reset) in Microsoft Entra Id. To minimize the risk of privilege escalation attacks, it is advisable not to utilize Global Administrators for routine activities such as password resets. Instead, it is recommended to employ a dedicated account with appropriate permissions for carrying out administrative tasks, including password resets.

    For your reference: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#administrator-reset-policy-differences

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.