Is it possible to limit where users can reset their passwords in Microsoft 365?

I'm discussing enabling self-service password reset (SSPR) with a customer, and they are concerned that someone could reset the password from anywhere. Is it possible to create a conditional access policy that limits the IP addresses that a user can perform an SSPR from?


I know you can limit where the user signs up for SSPR/MFA, but I'm wondering how to create a conditional access policy (or something else) that restricts users to an IP address to perform the SSPR.

1 Reply
Wouldn't it be better to increase the number of authentication methods required for SSPR to improve security? As I am assuming the customer already has the most common conditional access policies activated anyway? (referring to your previous post about top conditional access policies ;)