Azure AD now supports restricting access to SSPR/MFA self service to trusted devices, trusted networks, low risk scores and more using Conditional Access.
This helps ensure it’s the right user—not an attacker—registering this security-sensitive info. Some commonly requested restrictions include ensuring that:
- Users are on a trusted network.
- Only users with a low sign-in risk can register security information.
- Users can only register on a managed device.
- Users should agree to a terms of use during registration.
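The four restrictions above are expressed as Conditional Access policies that target the "Register security information" user action. The following is an added example, not code from the announcement or from Microsoft: it assembles the JSON bodies that the Microsoft Graph endpoint `POST /identity/conditionalAccess/policies` accepts for each restriction, and includes a small audit helper that reports which restrictions an exported policy set actually enforces. The Graph identifiers used (`urn:user:registersecurityinfo`, `AllTrusted`, `compliantDevice`, `domainJoinedDevice`, `block`, the `state` values) are real; the break-glass account id and the terms-of-use agreement id are placeholders you must replace, and the policy names are the author's own choice.

```python
"""Conditional Access policies for the combined MFA/SSPR registration action.

Added example: builds Graph conditionalAccessPolicy bodies and audits a policy
list for coverage of the 'Register security information' user action.
"""
import json

# Graph user action that represents the combined MFA/SSPR registration page.
REGISTER_SECURITY_INFO = "urn:user:registersecurityinfo"
# Grant controls that require a managed device (Intune-compliant or hybrid-joined).
MANAGED_DEVICE_CONTROLS = {"compliantDevice", "domainJoinedDevice"}
# Placeholder: object id of an emergency-access account kept out of every policy.
BREAK_GLASS_ACCOUNT = "<break-glass-account-object-id>"


def registration_policy(display_name, *, state="enabled", sign_in_risk=(),
                        exclude_trusted_locations=False, built_in_controls=(),
                        operator="OR", terms_of_use_ids=()):
    """Assemble one conditionalAccessPolicy body scoped to the registration action.

    Keyword arguments map onto the Graph schema; callers pick which of the
    restrictions (risk, trusted network, managed device, terms of use) to apply.
    """
    conditions = {
        "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS_ACCOUNT]},
        "applications": {"includeUserActions": [REGISTER_SECURITY_INFO]},
    }
    if sign_in_risk:
        conditions["signInRiskLevels"] = list(sign_in_risk)
    if exclude_trusted_locations:
        # Applies everywhere except named locations marked as trusted.
        conditions["locations"] = {"includeLocations": ["All"],
                                   "excludeLocations": ["AllTrusted"]}
    grant = {"operator": operator, "builtInControls": list(built_in_controls)}
    if terms_of_use_ids:
        grant["termsOfUse"] = list(terms_of_use_ids)
    return {"displayName": display_name, "state": state,
            "conditions": conditions, "grantControls": grant}


def recommended_policies(terms_of_use_id):
    """One policy per restriction, so each can be audited and reverted on its own."""
    return [
        # Only low-risk sign-ins may register: block at medium or high risk.
        registration_policy("Block security info registration at elevated sign-in risk",
                            sign_in_risk=("medium", "high"), built_in_controls=("block",)),
        # Off the trusted network, registration needs a managed device.
        registration_policy("Require managed device for security info registration",
                            exclude_trusted_locations=True,
                            built_in_controls=tuple(sorted(MANAGED_DEVICE_CONTROLS))),
        # Users must accept the terms of use before registering.
        registration_policy("Require terms of use for security info registration",
                            operator="AND", terms_of_use_ids=(terms_of_use_id,)),
    ]


def registration_coverage(policies):
    """Report which restrictions an enabled policy set enforces on the registration action.

    Report-only policies (state enabledForReportingButNotEnforced) are ignored on
    purpose: they log what would have happened but never block the registration.
    """
    coverage = {"trusted_network": False, "low_risk_only": False,
                "managed_device": False, "terms_of_use": False}
    for policy in policies:
        if policy.get("state") != "enabled":
            continue
        cond = policy.get("conditions", {})
        actions = cond.get("applications", {}).get("includeUserActions", [])
        if REGISTER_SECURITY_INFO not in actions:
            continue
        grant = policy.get("grantControls") or {}
        controls = set(grant.get("builtInControls", []))
        risk = set(cond.get("signInRiskLevels", []))
        locations = cond.get("locations") or {}
        if "AllTrusted" in locations.get("excludeLocations", []) and controls:
            coverage["trusted_network"] = True
        if "block" in controls and {"medium", "high"} <= risk:
            coverage["low_risk_only"] = True
        if controls & MANAGED_DEVICE_CONTROLS and "block" not in controls:
            coverage["managed_device"] = True
        if grant.get("termsOfUse"):
            coverage["terms_of_use"] = True
    return coverage


if __name__ == "__main__":
    policies = recommended_policies("<terms-of-use-agreement-id>")
    print(json.dumps(policies[0], indent=2))  # body to POST to /identity/conditionalAccess/policies
    print(registration_coverage(policies))
```

Roll the policies out in report-only state first and check the sign-in logs for unexpected matches; the audit helper deliberately treats report-only as "not enforced", so it will keep flagging the gap until you flip `state` to `enabled`.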
Check out the announcement and documentation here:
- AZURE AD IDENTITY BLOG: Conditional access for the Azure AD combined MFA and password reset registration experience
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Conditional-access-for-the-Azure-AD-combined-MFA-and-password/ba-p/566348