External User with conditional access for SharePoint Online not working
I'm excited about the newly introduced features and I immediately tried them out. What my customer is looking for is to enhance the external collaboration on their SharePoint Online. I want to enforce MFA for all or selected external users. The users are already added to the AAD the SPO belongs to (owner tenant). I've enabled a conditional policy in the new Azure Portal for the enterprise application named "Office 365 SharePoint Online" but even after an hour for potential sync between AAD and SharePoint the policy is not working. I tested the MFA enforcement with a basic ASP.NET app hosted and registered as an enterprise app in the same tenant. The policy is working if enabled for this app. The external user had to enroll using MFA and the access is granted as expected. I then changed the policy to not select specific apps but to apply to all apps in the tenant. But also without any noticeable results even after some time passed.
Is it a bug? A feature? Or a topic on the roadmap? Any ETA? It is a really important app in the AAD ecosystem and respecting the AAD policies would be beneficial if not mandatory!
- Following up on this, the SPO team informed me that in order for this to work, you need to be enrolled for First Release, and for Guest MFA you need a fix that SPO made.
This should be available globally by end of March, but if you direct message me your tenant details, we can get it enabled for your tenant only.