Azure AD Best Practice: Requiring users to periodically re-confirm their authentication information

Disabling re-confirmation of authentication methods prevents users from updating potentially outdated information, such as an email address or phone number, and can decrease the effectiveness of Self-Service Password Reset (SSPR). It may also result in password reset information being sent to an unintended recipient. The default setting in Azure AD requires users to re-confirm their authentication information every 180 days, and it is recommended to maintain this configuration unless a defined business need requires otherwise.

However, this re-confirmation can seem annoying, so some organizations cave to complaints and disable it. As a best practice, keep it enabled and set a more comfortable re-confirmation schedule to help better secure user identities and keep their authentication information current.

To enable it or alter the default number of days:

  1. Log in to https://portal.azure.com.
  2. Click the Azure Active Directory blade in the console.
  3. Click Users.
  4. Click Password reset.
  5. Click Registration.
  6. Change the number of days to a value other than 0 (default is 180 days).

Re-confirm authentication information
