Information
The Microsoft 365 platform allows users to reset their password in the event they forget it. The self-service password reset activity report logs each time a user successfully resets their password this way. The self-service password reset activity report should be reviewed at least weekly.
Rationale:
An attacker will commonly compromise an account, then change the password to something they control and can manage.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To review the self-service password reset activity report:
Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
Click to expand Protection > Password reset select Audit logs.
Review the list of users who have reset their passwords by setting the Date to Last 7 days and Service to Self-service Password Management