Forum Discussion
GilFernandez
Dec 22, 2022 | Copper Contributor
Verify remote user identity
Hi Everyone, Right now I am looking for a solution to verify the identity of remote users when they contact Service Desk to ask for password reset. More than ask security questions, do you kno...
How about SSPR instead?
https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
brlgen
Dec 25, 2022 | Brass Contributor
As Christian mentions, you can use SSPR for this. But we went a step further. We created a logic app connected to the incident management system. Whenever a user loses access to their MFA device, or in another such scenario, the helpdesk can trigger this logic app by creating a ticket. This sends out a TAP to the user's SSPR email address, which is their private email address. Using the "authentication administrator" role, the logic app could only create a TAP for non-admin users, preventing privilege escalation attacks. Additionally, the helpdesk has no permissions to view or edit these emails; they can only trigger the logic app by creating an incident.
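The TAP-issuing step of the workflow brlgen describes, written as an added example rather than the poster's actual logic app. It assumes the Microsoft Graph PowerShell SDK, a session granted `UserAuthenticationMethod.ReadWrite.All` under the Authentication Administrator role, and a hypothetical function name `New-HelpdeskRecoveryPass`; the explicit directory-role check goes beyond the post as a second guard in case the calling identity is ever given a broader role.

```powershell
# Added example, not the poster's logic app. Assumes Microsoft.Graph PowerShell SDK,
# an existing Connect-MgGraph session with UserAuthenticationMethod.ReadWrite.All,
# and a caller scoped to the Authentication Administrator role as the post describes.
# Issues a short-lived, one-time TAP for a non-admin user and returns the SSPR
# e-mail address it should be delivered to (delivery stays in the ticketing flow).
function New-HelpdeskRecoveryPass {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [int] $LifetimeMinutes = 60     # keep it short: a TAP is a full credential
    )

    $user = Get-MgUser -UserId $UserPrincipalName -Property Id,UserPrincipalName

    # Defence in depth: refuse any target holding a directory role, even though the
    # Authentication Administrator role already cannot issue TAPs for admins.
    $roles = Get-MgUserMemberOf -UserId $user.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' }
    if ($roles) {
        $names = ($roles | ForEach-Object { $_.AdditionalProperties['displayName'] }) -join ', '
        throw "Refusing to issue a TAP for $UserPrincipalName: user holds directory role(s): $names"
    }

    # The registered SSPR e-mail is the out-of-band channel the post relies on.
    $email = Get-MgUserAuthenticationEmailMethod -UserId $user.Id | Select-Object -First 1
    if (-not $email) {
        throw "No SSPR e-mail registered for $UserPrincipalName; cannot verify out of band"
    }

    $tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $user.Id -BodyParameter @{
        lifetimeInMinutes = $LifetimeMinutes
        isUsableOnce      = $true      # single use, so a leaked pass cannot be replayed
    }

    # Return only what the ticket workflow needs; never write the pass to the ticket or logs.
    [pscustomobject]@{
        User                = $user.UserPrincipalName
        RecoveryAddress     = $email.EmailAddress
        TemporaryAccessPass = $tap.TemporaryAccessPass
        ExpiresAt           = $tap.StartDateTime.AddMinutes($tap.LifetimeInMinutes)
    }
}
```

In the poster's design the helpdesk never calls this directly; the incident system invokes the logic app, which runs the equivalent under its own identity and mails the result to `RecoveryAddress`.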