Allow SSPR only from Azure Joined Windows Devices

Regular Contributor

Hi everyone,


We want to use SSPR only from specific devices. I don't talk about registration.

The point is to use this link and deny SSPR from devices by using conditional access.


Any ideas?



3 Replies

Hi. You can enable the SSPR CSP policy and deploy it to a group containing only Azure AD devices.


As for using CA to deny SSPR, what is the exact scenario?

I want to allow users to reset their password from their Azure joined computers only. Not from a smart phone or a non Azure joined devices.
best response confirmed by RahamimL (Regular Contributor)
Don't think this functionality exists at the moment. At best you can restrict registration to a known location using CA, but that's about it.