csmithscf
Steel Contributor
Nov 29, 2017

Can we require MFA for SSPR enrollment?

Is there a way to require MFA for SSPR (self-service password reset) enrollment? This would be ideal for our tenant to ensure a valid user (not just having the password) authenticates with MFA, or other Conditional Access policies, in order to do initial SSPR enrollment.

I'm not so much concerned with the reset process, just the enrollment process right now.

Thanks!

  • I believe they have plans to unify the SSPR and MFA enrollment processes, so you will have the same experience with both.

    • csmithscf
      Steel Contributor

      Thanks VasilMichev! Do you or anyone else with experience on this have an update on how this can be accomplished? I'm pretty sure the enrollment processes are still segmented. Any way to identify the SSPR enrollment page and create a Conditional Access rule for that app, requiring registration to come from an Intune-managed device, an MFA challenge, or both?

      I know Conditional Access can do this, just not sure if the "SSPR Registration" page is considered an Enterprise Application in the AzureAD admin portal so I can apply this rule to it.

      Thanks!

      • Nigelarnold
        Copper Contributor

        Hello

        Did you manage to achieve this? We are looking at trying to work out the exact same scenario.

        Conditional access for the SSPR setup process

        Thanks
