Forum Discussion
Enable Conditional Access template for guest MFA requirement and SharePoint sharing
- Feb 09, 2024
Hi sumo83,
When you start using this template all external users will be included, see screenshot below. That means that all authentication to Entra that is not from a member user will be affected by this conditional access rule.
So to concretely answer your question: Yes, this also applies to external users with whom you have shared an SP folder.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
I'm still a bit confused about it...
sumo83 It depends who you share with and what platform he is on.
- sumo83, Feb 10, 2024, Iron Contributor
May I have one more question please...
As the external user is not a guest in our MS Entra... how will the MFA work for him? Or will enabling MFA cause external users that are not GUESTS to also be added as GUESTS to our Entra? Let's say that they have an issue with MFA at some point, on which site does it need to be fixed?
If they are showing as Guests in our Entra, I know their MFA is managed by our Entra... But if I share it externally via link, and they are not GUESTS in our Entra... how does MFA work in that case?
Trying to search for some good documentation and training... but these are not really answered there... :?
- MatejKlemencic, Feb 11, 2024, Brass Contributor
To enforce MFA through Conditional Access for users, it's necessary to activate the Entra B2B integration for SharePoint and OneDrive. In cases where SharePoint External Sharing is utilized, users authenticate by entering a verification code sent to their email. My personal advice is to opt for the Entra B2B integration, as it offers extra security enhancements. Check this > https://learn.microsoft.com/en-us/sharepoint/sharepoint-azureb2b-integration
- sumo83, Feb 28, 2024, Iron Contributor
I'm about to enable B2B integration... Do I understand correctly that when I enable it, even external users who sign in with a one-time password via email will be created as guests in our Entra... and then I can enable MFA for guests/external...
For existing sharing - the user will just need to re-authenticate via email one-time password again (before I go to the next step and enable MFA)
- sumo83, Feb 09, 2024, Iron Contributor
I see... OK... looks like I need to do some research about those groups to get more familiar with it... Thanks again!