This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
I'd like to know if you can or request the ability to restrict access to the SSPR site by using Conditional Access Policies. I know you can setup a CA for registrations but it would be nice if you could restrict SSPR reset requests for your tenant to certain locations.
Is there a way to do this?
A cloud-based identity and access management service for securing user authentication and resource access
Answer accepted by question author
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Yes - follow https://www.alitajran.com/secure-mfa-and-sspr-registration/
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
As I mentioned in my question, I know you can setup a CA for the registration site but I'm wanting to restrict access to https://aka.ms/sspr
Apologies - clearly I misread your question.
Given that, the answer would be no. I don't see how this would be possible.
Keep in mind that CA is an authorization solution. For it to work, a user has to authenticate first. This simply doesn't happen in the context of SSPR until after the user accesses the SSPR portal and successfully verifies the identity.
hth
Marcin
The way to solve this is for Entra to surface SSPR as an app that can be targeted with a CA policy that you can scope or block to or from a location, require device compliance etc... This is something many would welcome and have asked for many times.
Agree with you Andy. Much needed with today's security risks.