Admin users are able to register third party software tokens due to SSPR authorization policy. #817
Labels
assigned-to-author
Issue assigned to author
authentication/subsvc
doc-enhancement
entra-id/svc
Pri1
triaged
Specifications:
This document needs to clarify that even if the third party software token policy is disabled in the new authentication methods portal, because the SSPR Administrator policy enable by default all the methods for the admin users, these admin users are able to register third party software token apps that can be used to complete SSPR.
I was able to register a Google Authenticator even though the policy is disabled.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: