Disabling the authentication methods re-confirmation prevents users from updating potentially outdated information such as email or phone number and can decrease the effectiveness of Self-service Password Reset (SSPR). This may also result in password reset information being sent to an unintended recipient. The default setting in Azure AD is to require users to re-confirm authentication information every 180 days and it is recommended to maintain this configuration unless required by a defined business need.
However, this re-confirmation can be seemingly annoying so some organizations cave to complaint and disable it. As a best practice keep it enabled and set it to a more comfortable re-confirmation schedule to help better secure the user identity and keep it current.
To enable it or alter the default number of days:
- Login to https://portal.azure.com
- Click the Azure Active Directory blade in the console.
- Click Users
- Click Password reset
- Click Registration
- Change the number of days to a value other than 0 (default is 180 days).
