Forum Discussion
self service password reset - restrict access
The SSPR Deployment Plan
aka.ms/deploymentplans
has cases for SSPR portal being accessible from within & outside the corporate network (with option for corporate & personal devices) - suggests conditional access or similar is available for SSPR but no obvious cloud app or setting to configure against.
Can anyone advise if access to SSPR portal (I assume this is the reset at https://aka.ms/sspr) can be restricted e.g. based upon devices, named locations etc.
5 Replies
- Hi Chris.
let me see if i understood you question.
Do you want to use SSPR based on the device ?
If this is the question, i think that SSPR doesn't have this funtionallity yet.
But let me know more about this case, what are thinking to do?
Thanks, bye.RodNet I think the deployment plan is possibly focusing on scenarios for on-prem password reset and giving the impression that access to SSPR portal itself can be controlled e.g. by managed devices or as it mentions the corporate network, maybe named locations.
I'm in a cloud only scenario, as I am using the plan I need to be sure if there is an option or not to restrict apply any granular restrictions to the password reset screen as the plan potentially implies.
By using condional access you could setup a policy where users must meet the requirements to acess the myapps portal, where the link to the reset password will be available for users, and for devices if you are using password Write-Back, I think that using like this if your users do not meet the requirements they i'll can't do the password Reset.
Setting configurations like trusted locations on Named Locations on conditional acess, can help you set the region or ip address range will have acess to portal and how this password reset will be there, the user must meet the requirements. Sorry but, i can see just this away, correct me if i'm wrong and let's learn together.
That is it, hope it helps you.
Bye! =D
