Did you know that self-service password reset (#SSPR) is enabled by default for privileged users and does not respect the SSPR settings in the Microsoft Entra portal?
Self-service password reset can be a useful feature that allows users to access their account if they forget their password or the account is locked.
On the other hand, it is potentially risky, because an attacker may target the self-service password reset feature to gain access to the account. This is especially risky for privileged accounts, and therefore I would generally recommend disabling self-service password reset for privileged accounts.
https://www.cswrld.com/2024/11/how-to-disable-self-service-password-reset-for-administrators/
