SSPR and only allow registration of security information from trusted location

SSPR and only allow registration of security information from trusted location

At our last Mindcore Tech event, we took a closer look at Self-service Password reset in Azure AD.

One question we did not have the time to pursue, was how to only allow entering security information from a trusted location.

We have SSPR setup and users are required to setup security information at first logon as explained here:

http://blog.mindcore.dk/2019/03/azure-active-directory-azure-ad-self.html

In this test we will only allow entering security information from our company IP address.

First we create a new user to use for this test (blockuser).

image

Blockuser will be added to the AD group pwdresetgrp, because this is the group we used in the previous post about SSPR, we will also use this group for the conditional access policy.

image

Next step is to create a new Conditional Access Policy in Azure AD.

image

Name the policy and in Users and groups select the group pwdresetgrp to be included in this policy.

image

In Cloud apps or actions select user actions and Register security information.

image

In Conditions select locations and include Any location.

image

We will exclude our Company IP address (Mindcore location) and trusted MFA IPs.

image

Select to block access.

image

Then enable the policy and create.

image

In this example the location Mindcore is created as an IP address range.

image

Now let try from an unknown IP address and do a first time login with the user blockuser.

image

Password.

image

We will still see the More information required.

image

But since this is an untrusted location we will get You cannot access this right now.

image

Changing location to a secure location (Mindcore IP address), we will see this instead:

image

Mindcore Tech https://www.linkedin.com/groups/12247201/

Table of Contents

Share this post
Search blog posts
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Passionate IT professional with 20+ experience in IT architecture, consulting, and design. 

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly
Categories

Follow on SoMe