Feb 07 2023 11:38 AM
Hello,
I'm discussing enabling Self-service password reset with a customer and they are concerned that someone could reset the password from anywhere. Is it possible to create a conditional access policy that limits the IP addresses that a user can perform a SSPR from?
I know you can limit where the user signs up for SSPR/MFA but I'm wondering how to create a conditional access policy (or something else) that restricts user's to an IP address to perform the SSPR.
Thanks,
John
Feb 08 2023 05:28 AM