Skip to content

Microsoft Entra ID: SSPR Requires Registered Authentication from September 2026

In brief: Microsoft is enforcing registered authentication methods for Self-Service Password Reset in Entra ID starting September 2026.

Microsoft is tightening requirements for Self-Service Password Reset (SSPR) in Entra ID from September 7, 2026: users will then be required to use registered authentication methods. The announcement was made on May 28, 2026.

Microsoft is raising security requirements for Self-Service Password Reset in Entra ID. Users who want to reset passwords themselves from September 7, 2026 onwards must use already registered authentication methods. This ends a transition period in which unregistered methods were still accepted.

For CISOs, this means an action window of approximately 15 months before the deadline. All users must have registered at least one authentication method in their Entra ID profile by then. This reduces the risk of password reset processes that take place without pre-configured secure channels.

Organizations should start planning now: communication to users, validation of existing registration rates, and if necessary, automation measures to increase registration rates. Those who do not implement registered methods in time risk lockout scenarios in production environments.


Source: borncity.com · Published June 6, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.

Share on: