You need to turn on self-service password reset for a pilot group in the Microsoft Entra admin center. Which role grants the least privilege required to complete the configuration on the Password reset blade?
- AAssign the Authentication Policy Administrator role to the operator. Correct
- BAssign the Authentication Administrator role to the SSPR operator.
- CAssign the User Administrator role to the SSPR pilot operator.
- DAssign the Global Administrator role to the SSPR pilot operator.
Why A is correct: Correct. The enable-SSPR tutorial states the configuring account needs at least the Authentication Policy Administrator role.
Why B is wrong: This role manages user authentication methods and credentials but does not own the tenant SSPR configuration on the Password reset blade.
Why C is wrong: User Administrator can manage users and reset passwords, but the SSPR enablement steps call out Authentication Policy Administrator as the minimum role.
Why D is wrong: Global Administrator works, but it is not the least-privileged role; the tutorial explicitly names Authentication Policy Administrator as the minimum.