Microsoft Entra ID (Azure AD), when configuring Self-Service Password Reset (SSPR) policies, you can require users to verify up to two authentication methods before allowing a password reset.
🔐 Details:
- You can register multiple methods (e.g., phone, email, security questions, app notification).
- But the maximum number of required methods for a reset is 2.
- This helps balance security and usability—ensuring strong identity verification without overburdening users.
