MichaelMcKeehan-0003 asked JamesTran-MSFT commented

Restricting domains for SSPR email

We have enacted SSPR on one of our Azure tenants and are looking to prevent users from changing the SSPR email to their personal email. Here is a use case:

  • Our tenants are CompanyA and CompanyB

  • It is assumed that all users in CompanyB are a part of CompanyA

  • CompanyB just had SSPR activated on it, and users will use their email and SMS if a password reset is needed.

  • The request is that users will only use their CompanyA email for SSPR

I want to prevent Jane Doe from changing the SSPR email from Jane.Doe@CompanyA.com to Janedoe2934@hotmail.com. I am unable to find anything after some research in the docs.

azure-ad-sspr

1 Answer

MarileeTurscak-MSFT answered JamesTran-MSFT commented

Hi anonymous user,

I understand that you want to restrict users' ability to change their SSPR email.

Changing the email during password reset does not change the user's actual email but is there in case the user verifies an email but then realizes that it's not the email for which they wanted to reset the password.

The control itself cannot be disabled, but you can hide the "change email" button with CSS or JS. There is an example in this related Stack Overflow thread that shows how to hide the email:

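 // Requires jQuery. A jQuery object is always truthy, even when nothing matched,
 // so test .length to find out whether the button is actually on the page.
 var mail_ver_but_edit = $('#email_ver_but_edit');
 if (mail_ver_but_edit.length) {
    // Hide the button, then drop the id and class so page scripts no longer select it.
    mail_ver_but_edit.attr('style', 'display: none;');
    mail_ver_but_edit.removeAttr('id');
    mail_ver_but_edit.removeClass('editButton');
 }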

Here is a CSS example by Amanpreet Singh from another thread:

172363-image.png

Let me know if this helps.




anonymous user
Thank you for your post!

Adding on to what @MarileeTurscak-MSFT mentioned, you can also define password reset data on behalf of your users with Azure AD Connect, PowerShell, the Azure portal, or the Microsoft 365 admin center. For more info.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
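
Hiding the button only changes what the page renders, so the addresses actually registered for password reset still need to be checked. As an added example (not code from this thread or from Microsoft), the check below flags registered SSPR email addresses that fall outside an allowed domain; the `{ upn, authEmail }` record shape, the function names and the sample users are assumptions constructed for illustration, standing in for an export of your users' password reset data.

```javascript
'use strict';
// Added example; record shape and names are assumptions, sample data is constructed.
const ALLOWED_DOMAINS = ['companya.com']; // lower-case; domain from the question

// Lower-cased domain of a plain local@domain address, or null if malformed.
function emailDomain(address) {
  if (typeof address !== 'string') return null;
  const s = address.trim().toLowerCase();
  const at = s.lastIndexOf('@');
  if (at <= 0 || at === s.length - 1) return null; // empty local part or domain
  if (s.indexOf('@') !== at || /\s/.test(s)) return null; // two '@' or inner space
  return s.slice(at + 1);
}

// Exact match only: suffix or substring tests would accept look-alike domains
// such as "companya.com.example.net".
function isAllowed(address, allowed = ALLOWED_DOMAINS) {
  const domain = emailDomain(address);
  return domain !== null && allowed.includes(domain);
}

// One finding per user whose registered address is missing, malformed or off-domain.
function auditSsprEmails(users, allowed = ALLOWED_DOMAINS) {
  const findings = [];
  for (const { upn, authEmail } of users) {
    if (authEmail == null || authEmail === '') {
      findings.push({ upn, reason: 'no-email-registered' });
    } else if (emailDomain(authEmail) === null) {
      findings.push({ upn, reason: 'malformed', value: authEmail });
    } else if (!isAllowed(authEmail, allowed)) {
      findings.push({ upn, reason: 'off-domain', value: authEmail });
    }
  }
  return findings;
}

// Constructed sample records, not real users.
const SAMPLE_USERS = [
  { upn: 'jane.doe@companyb.com', authEmail: 'Jane.Doe@CompanyA.com' },
  { upn: 'jane.doe2@companyb.com', authEmail: 'Janedoe2934@hotmail.com' },
  { upn: 'bob@companyb.com', authEmail: 'bob@companya.com.example.net' },
  { upn: 'carol@companyb.com', authEmail: 'carol@@companya.com' },
  { upn: 'erin@companyb.com', authEmail: null },
  { upn: 'dave@companyb.com', authEmail: ' dave@COMPANYA.COM ' },
];

console.log(auditSsprEmails(SAMPLE_USERS));
```

Run it on a schedule against a fresh export so that an address changed after registration shows up as a finding.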
