Forum Discussion

ChevITGuy's avatar
ChevITGuy
Brass Contributor
Jul 06, 2022

How to disable More Information Required - Don't lose access to your account! on Office logins

Greetings!

   We do NOT use Multi-Factor Authentication (YET) on our organization's Microsoft Office access.  We do NOT manage PASSWORDS on the Microsoft Cloud but locally in our own Active Directory.  Our users CANNOT change their password on the Microsoft Office sites.  Yet we are "bombarded" with requests to add a Cell Phone and Alternative E-Mail to Microsoft records.  How do I STOP this behavior please?  It is particularly bad when performing Administrative duties on the Admin Portal.

 

ChevIT Guy

 

 

microsoft 365
  • Robina's avatar
    Robina
    Jul 08, 2022

    ChevITGuy I hope this post can help you to stop asking More Info required !

     

    • To disable the self-service password reset functionality for the entire tenancy.

    To disable the password reset functionality, which is redundant if you have Microsoft 365 federated  to RM Unify, please perform the following:

    1. Log on to Microsoft 365 as a global administrator and navigate to the 'Microsoft 365 admin center'.
    2. From the left-hand side, under Settings, select Org settings.
    3. In the right-hand side pane, under 'Security & privacy', click the 'Self-service password reset' link.
    4. In the 'Azure Active Directory admin center' window, on the left-hand side, select Users, 'Password reset'.
    5. Change the 'Self service password reset enabled' option to None.
    6. Click Save.
    7. Note the information box advising that this setting only applies to end users. M365 admins are always enabled for self-service password reset. 
    • To enable the self-service password reset functionality for only selected users in your tenancy. 

    Use this procedure to allow self-service password reset functionality for only the unfederated users in your Microsoft 365 tenancy:

    1. Log on as a global admin and access the 'Microsoft 365 admin center'.
    2. From 'Teams & groups', create a security group called SSPR Enabled.
    3. From Users, bulk select the users you want to add to the security group.
    4. From the toolbar, click the three dots and select 'Manage groups'.
    5. In 'Group memberships', type SSPR Enabled.
    6. Tick the group and click 'Save changes'.
    7. Navigate to the 'Password reset properties' page in Azure Active Directory.
    8. Click Selected, then search for and select the SSPR Enabled group created above.
    9. Click 'Save changes'.

    Good Luck and Happy Learning

     

  • Robina's avatar
    Robina
    Iron Contributor
    Jul 08, 2022

    ChevITGuy I hope this post can help you to stop asking More Info required !

     

    • To disable the self-service password reset functionality for the entire tenancy.

    To disable the password reset functionality, which is redundant if you have Microsoft 365 federated  to RM Unify, please perform the following:

    1. Log on to Microsoft 365 as a global administrator and navigate to the 'Microsoft 365 admin center'.
    2. From the left-hand side, under Settings, select Org settings.
    3. In the right-hand side pane, under 'Security & privacy', click the 'Self-service password reset' link.
    4. In the 'Azure Active Directory admin center' window, on the left-hand side, select Users, 'Password reset'.
    5. Change the 'Self service password reset enabled' option to None.
    6. Click Save.
    7. Note the information box advising that this setting only applies to end users. M365 admins are always enabled for self-service password reset. 
    • To enable the self-service password reset functionality for only selected users in your tenancy. 

    Use this procedure to allow self-service password reset functionality for only the unfederated users in your Microsoft 365 tenancy:

    1. Log on as a global admin and access the 'Microsoft 365 admin center'.
    2. From 'Teams & groups', create a security group called SSPR Enabled.
    3. From Users, bulk select the users you want to add to the security group.
    4. From the toolbar, click the three dots and select 'Manage groups'.
    5. In 'Group memberships', type SSPR Enabled.
    6. Tick the group and click 'Save changes'.
    7. Navigate to the 'Password reset properties' page in Azure Active Directory.
    8. Click Selected, then search for and select the SSPR Enabled group created above.
    9. Click 'Save changes'.

    Good Luck and Happy Learning

     

    • ChevITGuy's avatar
      ChevITGuy
      Brass Contributor
      Jul 18, 2022

      Robina

         Thanks for your work on your reply above!  I have returned from Vacation and I will pass your instructions on to my Supervisor to gain his support for making these changes.  They will be up to him to implement.

       

      UNFORTUNATELY, I saw this line in your instructions below:

       

      M365 admins are always enabled for self-service password reset.

       

      Since I AM an M365 admin, apparently these instructions will not help me!  That decision by Microsoft needs to be REVERSED.  It is just WRONG as even as an Admin, I CANNOT change my Password using Outlook on the web action.  It must be done here at our Local Active Directory console or by me at a Windows 10 Enterprise or Windows Server 2016 Login Session.  This is VERY disappointing as this USELESS request really SOLWS down my access to important Administrative Functions.

       

      All the Best!

      ChevIT Guy 

Resources