Microsoft Tech Community is in Read Only mode.  Please enjoy browsing our content while we complete our platform upgrade.

Forum Discussion

ProgentCT's avatar
ProgentCT
Brass Contributor
Jul 22, 2024

Unable to disable SSPR for Administrators

According to this link I can disable SSPR for Administrators.

https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy?WT.mc_id=Portal-Microsoft_AAD_IAM#administrator-reset-policy-differences

However, upon attempting to do so I am met with the following error.

 

S C:\Windows\System32> Update-MgPolicyAuthorizationPolicy -AllowedToUseSspr:$false
Update-MgPolicyAuthorizationPolicy_UpdateExpanded: Insufficient privileges to complete the operation.

Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2024-07-22T16:28:11

  • MarPas's avatar
    MarPas
    Brass Contributor

    Hi ProgentCT ,

    I would request to try you to please provide "Policy.ReadWrite.Authorization" permission to user executing this command. This is documented in the equivalent Graph API article: Update authorizationPolicy.

     

     

    Connect-MgGraph -scopes "Policy.ReadWrite.Authorization"
    Update-MgPolicyAuthorizationPolicy -AllowedToUseSspr:$false

     

     

    • ProgentCT's avatar
      ProgentCT
      Brass Contributor
      Thanks. This works. Why doesn't this work in Entra?

Resources