Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Allow SSPR only from Azure Joined Windows Devices

Iron Contributor

Hi everyone,

 

We want to use SSPR only from specific devices. I don't talk about registration.

The point is to use this link and deny SSPR from devices by using conditional access.

 

Any ideas?

 

Rahamim.

3 Replies

Hi. You can enable the SSPR CSP policy and deploy it to a group containing only Azure AD devices.

 

As for using CA to deny SSPR, what is the exact scenario?

I want to allow users to reset their password from their Azure joined computers only. Not from a smart phone or a non Azure joined devices.
best response confirmed by RahamimL (Iron Contributor)
Solution
Don't think this functionality exists at the moment. At best you can restrict registration to a known location using CA, but that's about it.
1 best response

Accepted Solutions
best response confirmed by RahamimL (Iron Contributor)
Solution
Don't think this functionality exists at the moment. At best you can restrict registration to a known location using CA, but that's about it.

View solution in original post