When we switched on conditional access to enforce MFA on all users the guests got prompted to setup MFA even though they already have MFA on their home account.įor the time being I've added an exclusion on our conditional access policy to exclude guests and the dashboard is still saying we're 100% compliant after a few days, but what I'm reading here is that potentially these guest accounts are going to become useless unless all the guests wrestle with adding MFA on every instance they're a guest (which is totally mad). “We have lots of our customers in our tenant as guests for Teams channels because we invite the customer primary contact(s) into a channel that has their support engineers present. ![]() One of the user to above question with in community speaks as follows: Let's focus on question" Why can a guest's home tenant not send some kind of attestation that MFA is in place on the home user account? " ![]() Mostly organizations select MFA to be enabled for whole Azure AD while setting up tenant, which can be later enabled/disabled for individuals. It is a requirement for Microsoft Partners to enable MFA for all users in organization, but as far as multi-tenant Azure AD MFA is concerned, Organizations can choose to enable/disable MFA for guests and single users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |