Description:
This Microsoft Entra ID (Azure AD) setting controls whether all administrators are notified when another administrator resets a password. Enabling this option ensures that any privileged password reset is visible to other admins, reducing the risk of unauthorized or unnoticed changes.
Rationale:
Administrator identities are high-value targets. If an admin password is reset without visibility, attackers can maintain persistent access. Enabling notifications ensures transparency and allows other administrators to quickly detect and respond to suspicious or unauthorized reset activities.
Impact:
Enabling this setting increases visibility into sensitive administrative actions. It helps detect unauthorized or suspicious password resets quickly. The setting improves accountability among administrators. It reduces the risk of compromised admin accounts going unnoticed. Overall, it strengthens identity security and incident response readiness.
Pre-requisites:
Role required Global Administrator, Privileged Authentication Administrator and Authentication Policy Administrator
Access to the Microsoft Entra ID tenant
Test Plan:
Sign in to the Azure Portal at https://portal.azure.com
Open Microsoft Entra ID
Under the Manage section, select Password reset
Select Notifications
Verify that Notify all admins when other admins reset their password is set to Yes
If Notify all admins when other admins reset their password is not set to Yes, follow the implementation steps
Implementation Steps:
Sign in to the Azure Portal at https://portal.azure.com
Open Microsoft Entra ID
Under the Manage section, select Password reset
Select Notifications
Set Notify all admins when other admins reset their password to Yes
Save the changes
Backout Plan:
Navigate to Microsoft Entra ID in the Azure portal.
Under Manage, select Users, then click Password reset.
Open the Notifications tab.
Set “Notify all admins when other admins reset their passwords?” to No.
Click Save to apply the changes
References: