Curious as the documentation around enabling or requiring passkeys for restores seems to all be for MSP, multi-company CommCells. But the Security Assessment report “recommends” enabling this and apparently doesn’t distinguish.
So I thought “self, let’s do this” which turns into a series of rabbit holes: Can’t just require Passkey for restores, it says “ Operation failed. Admin has not allowed users to set passkey.” I didn’t really want to make this overly complex but this appears to be by design. Conceptually I think the workflow requiring authorization to do a restore makes more sense, masters get to bypass this authorization requirement though if reading it correctly.