Conditional Access Policy – Register security information
Hi,
As response to a security incident we’ve created a conditional access policy to block registration of MFA methodes from other countries based on the User Actions = Register security information.
We noticed that users who are working in other countries using VPN sometimes can’t log in because of this conditional access.
It seems like after a number of logins, over a period of time, there is a registration triggered which causes this conditional access policy to be hit.
Excluding the affected user from this policy solves the issue, and after removing the exclusion the user can keep on working for a period of time without issues.
Is it correct to assume that there is an automatic registering of security information is triggered? What are the conditions for this to happen?
kind Regards,
Ivan
Hi,As response to a security incident we’ve created a conditional access policy to block registration of MFA methodes from other countries based on the User Actions = Register security information.We noticed that users who are working in other countries using VPN sometimes can’t log in because of this conditional access.It seems like after a number of logins, over a period of time, there is a registration triggered which causes this conditional access policy to be hit.Excluding the affected user from this policy solves the issue, and after removing the exclusion the user can keep on working for a period of time without issues.Is it correct to assume that there is an automatic registering of security information is triggered? What are the conditions for this to happen?kind Regards,Ivan Read More