EIDSCA.AP01 - Default Authorization Settings - Enabled Self service password reset for administrators.
Overview
Indicates whether administrators of the tenant can use Self-Service Password Reset (SSPR). The policy applies to some critical roles in Microsoft Entra ID.
Administrators with sensitive roles should use phishing-resistant authentication methods only and should therefore not be able to reset their password using SSPR.
Test script
https://graph.microsoft.com/beta/policies/authorizationPolicy
.allowedToUseSSPR -eq 'false'
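The check above, written out as an added PowerShell example (not the project's own code): the hypothetical helper `Test-SsprDisabledForAdmins` evaluates a parsed authorizationPolicy response and treats a missing or null `allowedToUseSSPR` as a failure. The sample JSON is constructed, and accepting a response wrapped in a `value` array is a defensive assumption.

```powershell
# Added example: evaluate EIDSCA.AP01 against an authorizationPolicy document.
# Test-SsprDisabledForAdmins is a hypothetical helper name, not part of the project.
function Test-SsprDisabledForAdmins {
    [CmdletBinding()]
    param(
        # Parsed JSON from GET /beta/policies/authorizationPolicy
        [Parameter(Mandatory)] [object] $Response
    )

    # Assumption: accept either a single policy object or a collection wrapped in 'value'.
    $policies = if ($Response.PSObject.Properties['value']) { @($Response.value) } else { @($Response) }

    foreach ($policy in $policies) {
        $prop   = $policy.PSObject.Properties['allowedToUseSSPR']
        $actual = if ($prop) { $prop.Value } else { $null }

        [pscustomobject]@{
            PolicyId = $policy.id
            Actual   = $actual
            # Pass only on an explicit boolean false; missing or null fails closed.
            Passed   = ($actual -is [bool]) -and (-not $actual)
        }
    }
}

# Constructed sample responses (not real tenant data).
$samples = @(
    '{"value":[{"id":"authorizationPolicy","allowedToUseSSPR":true}]}',
    '{"id":"authorizationPolicy","allowedToUseSSPR":false}',
    '{"id":"authorizationPolicy"}'
)
$samples | ForEach-Object { Test-SsprDisabledForAdmins -Response ($_ | ConvertFrom-Json) }

# Live tenant (requires Microsoft.Graph.Authentication and the Policy.Read.All scope):
# Connect-MgGraph -Scopes 'Policy.Read.All'
# $r = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
#        -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy'
# Test-SsprDisabledForAdmins -Response $r
```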
Related links
- Open in Graph Explorer
- authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
- View in Microsoft Entra admin center
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AP01 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAP01 |
| Tags | EIDSCA, EIDSCA.AP01 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaAP01.ps1