I'm trying to understand the relevance of Self-Service Password Reset (SSPR) in our transition to a passwordless organization. Should I still enable SSPR? What's the deal with password resets and user risk? Also, is it possible to completely eliminate passwords from Microsoft 365 business accounts? I've heard that changing a password might mess with other active user sessions, which could be a security concern.
1 Answer
SSPR is mainly for resetting passwords, which is less of a concern if you're fully passwordless. However, not all organizations are there yet, so SSPR still serves a purpose for those that haven't made the jump.
True, but if you’re passwordless, not having SSPR could lower your Secure Score, which is something to keep in mind!