Forum Discussion
niklastinner
Jul 06, 2020Brass Contributor
Conditional Access policy Block user registration security information from foreign locations
Hello
I am currently constructing a conditional access policy which should block any attempt for registration of security information (for Self-Service-Password-Reset) from a foreign region. I have an a locationlist which just excludes my country, all others are included.
When I'm now using a VPN to an other country (which should of course be affected by the list) and try to submit my security information it's not getting blocked.
Am I doing something wrong?
Thanks!
- This only works with the combined security registration.
Have you enabled this?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined
If so, have you checked the sign-in logs and policy details??
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-access#azure-ad-sign-in-events
- Thijs LecomteBronze ContributorThis only works with the combined security registration.
Have you enabled this?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined
If so, have you checked the sign-in logs and policy details??
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-access#azure-ad-sign-in-events