MIM 2016 SP1 (SSPR) Azure AD Gate without doubling up registration?

  • Question

  • I have a situation in which a client has already configured Azure AD SSPR and they want to be able to use the integrated desktop password reset functionality offered by MIM SSPR. If I just install the SSPR component without the registration portal, can MIM SSPR be configured to use Azure MFA and the security questions registered there as the authentication gate?

    The idea being, having a user register on Azure AD for SSPR and not having to register again for MIM SSPR, but still being able to use the Windows integrated desktop password reset without going through the registration process again.

    Has anyone had any luck with similar scenarios?

    Friday, December 8, 2017 12:10 AM

All replies

  • This isn't possible. You can retrieve the authentication phone number in Azure AD, but not questions/answers. If you wanted to sync the authentication phone back you would need a recurring process to retrieve that data from Azure AD and update MIM with it.

    Thanks,
    Brian

    Friday, December 8, 2017 3:46 PM
    Moderator
  • Hey Brian, thanks for the answer.

    So to clarify, you can sync Mobile/E-Mail? (for OTP).

    But a Q&A based solution is currently not possible. 

    Friday, December 8, 2017 4:30 PM
  • Hey Brian, thanks for the answer.

    So to clarify, you can sync Mobile/E-Mail? (for OTP).

    But a Q&A based solution is currently not possible. 


    Correct. You can retrieve the mobile and alternate email via PowerShell (but not AAD Connect).

    Thanks,
    Brian

    • Marked as answer by lbito Friday, December 8, 2017 4:42 PM
    Friday, December 8, 2017 4:33 PM
    Moderator
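
An added example, not part of the thread and not from any poster: one way to run the recurring retrieval described in the replies above. It assumes the MSOnline module's `Get-MsolUser` and its `StrongAuthenticationUserDetails` property (the thread names only "PowerShell"); the file paths and CSV column names are hypothetical, and loading the delta file into MIM is left to the deployment's own import process.

```powershell
#Requires -Modules MSOnline
# Added example. Paths and column names are hypothetical placeholders.
param(
    [string]$OutPath   = 'C:\MIMSync\aad-auth-contacts.csv',
    [string]$DeltaPath = 'C:\MIMSync\aad-auth-contacts.delta.csv'
)

# Interactive sign-in; a scheduled run would pass -Credential from a protected store.
Connect-MsolService

# Collect the authentication phone and email registered in Azure AD.
# Security questions and answers are not exposed, so they cannot be exported.
$current = Get-MsolUser -All | ForEach-Object {
    $d = $_.StrongAuthenticationUserDetails
    if ($d -and ($d.PhoneNumber -or $d.Email)) {
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName.ToLowerInvariant()
            AuthPhone         = ($d.PhoneNumber -replace '\s', '')  # strip spaces
            AuthEmail         = [string]$d.Email                    # $null becomes ''
        }
    }
}

# Index the previous export by UPN so only changed rows go to MIM.
$previous = @{}
if (Test-Path $OutPath) {
    Import-Csv $OutPath | ForEach-Object { $previous[$_.UserPrincipalName] = $_ }
}

$delta = $current | Where-Object {
    $old = $previous[$_.UserPrincipalName]
    -not $old -or $old.AuthPhone -ne $_.AuthPhone -or $old.AuthEmail -ne $_.AuthEmail
}

# Both files hold password-reset contact data: keep the folder ACL restricted
# to the account that runs this task and the MIM import account.
@($current) | Export-Csv -Path $OutPath   -NoTypeInformation -Encoding UTF8
@($delta)   | Export-Csv -Path $DeltaPath -NoTypeInformation -Encoding UTF8

'{0} users with contact data, {1} new or changed' -f @($current).Count, @($delta).Count
```

Users who remove their registration in Azure AD simply drop out of the full export; the delta file does not flag them, so a deprovisioning pass would need to compare against the full file.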