cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prevent SSPR Outside Company Network

%3CLINGO-SUB%20id%3D%22lingo-sub-1237584%22%20slang%3D%22en-US%22%3EPrevent%20SSPR%20Outside%20Company%20Network%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1237584%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20restrict%20SSPR%20to%20when%20users%20are%20on-site%20%2F%20company%20LAN.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20there%20is%20the%26nbsp%3B%3CSPAN%20class%3D%22lia-message-unread%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fconditional-access-for-the-azure-ad-combined-mfa-and-password%2Fba-p%2F566348%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ecombined%20MFA%20and%20password%20reset%20registration%20Conditional%20Access%20but%20this%20seems%20for%20SSPR%20%2F%20MFA%20Registration%20only.%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-message-unread%22%3EInfo%20appreciated%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1237584%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1237590%22%20slang%3D%22en-US%22%3ERe%3A%20Prevent%20SSPR%20Outside%20Company%20Network%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1237590%22%20slang%3D%22en-US%22%3EHi%20there%20Stuart!%3CBR%20%2F%3E%3CBR%20%2F%3EThere%20is%20no%20other%20way%20than%20enabling%20combined%20registration%20and%20doing%20it%20the%20way%20you%20linked.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1237803%22%20slang%3D%22en-US%22%3ERe%3A%20Prevent%20SSPR%20Outside%20Company%20Network%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1237803%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHmmm%2C%20not%20great.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20about%20revoking%20MFA%20sessions%20for%20user%3F%20That%20would%20force%20them%20to%20re-register%20for%20MFA%20onsite%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20similar%20solution%20for%20passwords%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1243534%22%20slang%3D%22en-US%22%3ERe%3A%20Prevent%20SSPR%20Outside%20Company%20Network%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1243534%22%20slang%3D%22en-US%22%3EIt's%20not%20possible%20natively%20through%20AAD.%20You%20could%20create%20some%20custom%20Graph%20API%20script%2C%20but%20even%20that%20won't%20fully%20solve%20your%20issue.%3C%2FLINGO-BODY%3E
Stuart King
Regular Contributor

‎03-19-2020 02:55 AM

‎03-19-2020 02:55 AM

Prevent SSPR Outside Company Network

Hi All

 

Is it possible to restrict SSPR to when users are on-site / company LAN.

 

I know there is the combined MFA and password reset registration Conditional Access but this seems for SSPR / MFA Regist...

 

Info appreciated

Labels:
258 Views
0 Likes
3 Replies
Reply
3 Replies
Thijs Lecomte

‎03-19-2020 02:58 AM

‎03-19-2020 02:58 AM

Re: Prevent SSPR Outside Company Network

Hi there Stuart!

There is no other way than enabling combined registration and doing it the way you linked.
0 Likes
Reply
Stuart King

‎03-19-2020 03:59 AM

‎03-19-2020 03:59 AM

Re: Prevent SSPR Outside Company Network

@Thijs Lecomte 

 

Hmmm, not great.

 

How about revoking MFA sessions for user? That would force them to re-register for MFA onsite?

 

Any similar solution for passwords?

 

Regards

 

 

0 Likes
Reply
Thijs Lecomte

‎03-21-2020 02:21 AM

‎03-21-2020 02:21 AM

Re: Prevent SSPR Outside Company Network

It's not possible natively through AAD. You could create some custom Graph API script, but even that won't fully solve your issue.
0 Likes
Reply