Verify remote user identity

GilFernandez · ‎Dec 22 2022

Hi Everyone,

Right now I am looking for a solution to verify the identity of remote users when they contact Service Desk to ask for password reset.

More than ask security questions, do you know if Microsoft have a solution (such as the MFA Authenthicator) in which the service desk agent ask the user to validate his/her identity through a "Accept" button or to ask a Token.

Thanks

ChristianJBergstrom · ‎Dec 22 2022

How about SSPR instead?

https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

brlgen · ‎Dec 25 2022

As Christian mentions you can use SSPR for this. But we went a step further. We created a logic app connected to the incident management system. Whenever a user loses access to their MFA device or other scenario the helpdesk can trigger this logic app by creating a ticket. This sends out a TAP to the users's SSPR email address which is their private email address. Using the "authentication administrator" role the logic app could only create a TAP for a non admin users preventing privilege escalation attacks. Additionally the helpdesk has no permissions to view or edit these emails they can only trigger the logic app by creating an incident.

GilFernandez · ‎Dec 27 2022

Thanks,
Do you know if the use of SSPR apply if the user forget the Windows Log In password ?

ChristianJBergstrom · ‎Dec 27 2022

If you’re referring to on-premises in hybrid environment there’s a password writeback feature https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeba...

Verify remote user identity

Verify remote user identity

Re: Verify remote user identity

Re: Verify remote user identity

Re: Verify remote user identity

Re: Verify remote user identity

Products (52)

Special Topics (29)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

Verify remote user identity