Forum Discussion

DownTownDbrown's avatar
DownTownDbrown
Copper Contributor
Mar 09, 2022

Conditional Access to Block off premise access My Profile app

We are about to have our users provision their M365 E5 accounts.  In order to prevent brute force attacks during the registration period we would like to limit users ability to register from non trusted locations.  So when they access https://myaccount.microsoft.com for registration we want them to only be allow if they are coming from an IP that is configured as a "Trusted Location".   That way it forces users to setup their Microsoft account from on premise, so that they have a chance to get MFA setup.  

 

I have read the below documentation which seems like it's suppose to do the same concept but can't get it to work.  

Create a policy to require registration from a trusted location

  • VasilMichev, I just realized that I failed to add my users to the Password Reset configuration, so they weren't getting to the combined registration.  Now that I added them its working by design and blocking external access for users who have not registered their two step verification yet.    

    • dtowndbrown's avatar
      dtowndbrown
      Copper Contributor

      VasilMichev, I just realized that I failed to add my users to the Password Reset configuration, so they weren't getting to the combined registration.  Now that I added them its working by design and blocking external access for users who have not registered their two step verification yet.    

Resources