自助服务密码重置 - 网址和IP地址范围 [英] Self Service Password Reset - Urls and IP address ranges

问题描述

允许SSPR的最小网址和IP地址范围：

Minimum set of Urls and IP address ranges to allow SSPR:

我们有一个安全的环境，用户可以使用Azure中托管的VDI解决方案访问Office 365。仅使用云身份，并且实施AD DS以登录VDI（Windows 2016 RDS会话）

We have a secure environment where users access Office 365 using a VDI solution hosted in Azure. Cloud only identities are used and AD DS is implemented for logging on to VDI (Windows 2016 RDS sessions)

Web过滤可防止用户直接从其公司设备访问Office 365及相关服务。

web filtering prevents the users from accessing Office 365 and associated services directly from their corporate devices.

这会造成用户无法访问SSPR以从其设备重置自己的密码的情况，并且如果没有有效的信用，他们无法登录到VDI以从那里执行重置，其中访问权限允许。 

This creates a situation when users are unable to access SSPR to reset their own passwords from their devices, and without valid creds they cannot log on to VDI to perform the reset from there, where access is allowed. 

我们希望配置Web过滤以允许从公司网络访问SSPR，而不允许访问任何其他服务，例如office.com

We want to configure web filtering to allow access SSPR from the corporate network, without allowing access to any other services e.g. office.com

我可以使用Fiddler中的网络跟踪来计算网址，但希望有更多可支持的内容。

I could use network trace in Fiddler to work out the URLs but hoping for something more supportable.

推荐答案

您可以根据网络位置阻止Azure访问并设置受信任位置，或创建定义访问权限的用户组。  https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-条件

目前我没有开箱即用的功能可以为您设置此功能。 

Right now there is no out-of-the-box functionality that I know of that would set this up for you. 

您能否澄清一下最低URls / IP范围的含义？

Can you clarify what you mean by minimum URls/IP ranges?

这篇关于自助服务密码重置 - 网址和IP地址范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！