cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)
Find out more

Prevent SSPR Outside Company Network

Stuart King
Regular Contributor

‎Mar 19 2020 02:55 AM

‎Mar 19 2020 02:55 AM

Prevent SSPR Outside Company Network

Hi All

 

Is it possible to restrict SSPR to when users are on-site / company LAN.

 

I know there is the combined MFA and password reset registration Conditional Access but this seems for SSPR / MFA Regist...

 

Info appreciated

Labels:
468 Views
0 Likes
3 Replies
Reply
3 Replies
Thijs Lecomte

‎Mar 19 2020 02:58 AM

‎Mar 19 2020 02:58 AM

Re: Prevent SSPR Outside Company Network

Hi there Stuart!

There is no other way than enabling combined registration and doing it the way you linked.
0 Likes
Reply
Stuart King

‎Mar 19 2020 03:59 AM

‎Mar 19 2020 03:59 AM

Re: Prevent SSPR Outside Company Network

@Thijs Lecomte 

 

Hmmm, not great.

 

How about revoking MFA sessions for user? That would force them to re-register for MFA onsite?

 

Any similar solution for passwords?

 

Regards

 

 

0 Likes
Reply
Thijs Lecomte

‎Mar 21 2020 02:21 AM

‎Mar 21 2020 02:21 AM

Re: Prevent SSPR Outside Company Network

It's not possible natively through AAD. You could create some custom Graph API script, but even that won't fully solve your issue.
0 Likes
Reply