Require MFA prior to accessing SSPR URL

Oscar Goco
Occasional Contributor

Currently, the SSPR verification site is accessible once a user clicks "Can't access your account?". There is nothing restricting viewing/accessing this site.

Is it possible restrict access to this SSPR verification site only after a user is validated by MFA? Customer wants to add a level security so only users that are MFA verified access to the SSPR verification site to enter the validation information needed. They are not concerned with SSPR process, it works fine. They want to minimize spray attacks using verification information.

It is understood, that using verification using txt or call my phone and email address can be used. However, the question is accessing the verification site and not the methods of verification. 

If MFA cannot be used, what other combination of methods can be leveraged? 




2 Replies

I'm afraid you can't do that. That's because when someone is accessing the SSPR site, the site doesn't know yet which user is accessing the site.

Surely to use MFA would need them to know their password in the first place ...

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies