First, you need to select the total number of authentication techniques for a password reset, and the number of authentication techniques users can access once you've enabled password reset for all. Ideally, you should keep multiple authentication options even though there's a need for just one. You can either send an email notification to the user's registered email address, a text or security code to the user's phone, or a series of security questions. Security questions can be customized to mandate a specified number of questions to be submitted for users in your Active Directory tenant (3-5). In addition, you must specify the number of correctly answered security questions that must be answered in order for an effective password reset.
