I have some questions about self-service password reset in Azure AD. We want to prevent a single unlocked smartphone from being used to reset the password.
A user registers multiple authentication methods, including the number of his smartphone and the authenticator app. The authenticator app is installed on the same smartphone. To reset the password, a user needs 2 authentication methods. Is there a way to not allow the user to reset the password by using the number of the smartphone in combination with the authenticator app if the app is installed on the same device as the number is assigned to?
Is there a way to enforce PIN or fingerprint authentication for approvals with the authenticator app, especially on BYO devices?
Thanks
Tobi