Posted by: kurtsh | May 17, 2019

PREVIEW: Restricting access to Self-service Password Reset or MFA to trusted devices using Azure AD Conditional Access

imageAzure AD now supports restricting access to SSPR/MFA self service to trusted devices, trusted networks, low risk scores and more using Conditional Access.

This helps ensure it’s the right user—not an attacker—registering this security sensitive info. Some common restrictions were requested include ensuring that:

  • Users are on a trusted network.
  • Only users with a low sign-in risk can register security information.
  • Users can only register on a managed device.
  • Users should agree to a terms of use during registration.

Check on the announcement & documentation here!


%d bloggers like this: