Exam SC-300 topic 2 question 109 discussion

When administrators require one method be used to reset a password, verification code is the only option available for the app option. (https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks). The following authentication methods are available for SSPR: Mobile app notification Mobile app code Email Mobile phone Office phone (available only for tenants with paid subscriptions) Security questions

“When administrators require one method be used to reset a password, verification code is the only option available.”

I am going with B. I researched this quite a bit online using different articles and ran a lot thru copilot. The Email option for Self-Service Password Reset (SSPR) can be configured for either internal or external email addresses. However, using an internal email address is generally more secure and recommended. Comparison: Email vs. Mobile App Notification Email: Pros: Easy to set up and use; familiar to most users. Cons: Can be less secure due to potential phishing attacks; relies on users having access to their email. Mobile App Notification: Pros: More secure; uses push notifications through apps like Microsoft Authenticator; less susceptible to phishing. Cons: Requires users to have the app installed and configured. Recommendation: Mobile App Notification is generally better for security and reliability. It provides a stronger defense against phishing and ensures users can securely reset their passwords using a trusted app.

"When administrators require one method be used to reset a password, verification code is the only option available. When administrators require two methods be used to reset a password, users are able to use notification OR verification code in addition to any other enabled methods." https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks?source=recommendations#authentication-methods so we can NOT use a mobile app notification here and SSPR does not allow sending reset codes to internal email addresses due to security risks. so the right answer is A. Users can receive a verification code via an external email guys, please stop guessing answers, read the documentation first

For self-service password reset (SSPR) in Microsoft Entra, a valid authentication method available to users is **a mobile app notification** (Option B)[1](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks)[2](https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr). This method is commonly used for verifying user identity during the password reset process. [1](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks): [Microsoft Learn - Self-service password reset deep dive](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks) [2](https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr): [Microsoft Learn - Enable Microsoft Entra self-service password reset](https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr)