Forum Discussion
Guest accounts and MFA via Conditional Access in MS Entra
I run into something similar a while back, the culprit was per-user MFA. Not entirely sure how this translates to guest users though, so you will have to check both your tenant and (ask someone to check) their home tenant for per-user MFA and reset it if configured.
Here are my ramblings just in case: The strange case of a login loop caused by phantom "proofup" requirements - Blog
ok... This is an interesting one! Just FYI - I have migrated legacy per-user MFA to MS Entra just few days ago...
Not sure however how the scenario you described could affect GUEST account in our tenant (MFA was not enabled for them). I have also deleted the GUEST user completely so that it is re-created when accessing our sharepoint again -> didn't help either... However, it may be an issue in their tenant with per-user MFA....who knows :)
Anyway, I have enabled MFA Trust for their tenant and the issue is gone.... Was a strange issue, will try to investigate a bit more.... if I find anything, I will update here ;)
They can have per-user MFA enabled in their home tenant, but you have no visibility on that. If you are in contact with some admin on their end, you can have them check/reset the methods.
May I ask you somehting - as I am not 100% sure here and hope you may give me some more "light" into this.
If I do not have MFA trust enabled, and I have GUEST user that completed MFA, I would expect I can see some details in "Authentication methods" in MS Entra for that user? If I understand it properly, MFA for those GUEST (who I do not have MSF Trust enabled) should be managed in our tenant.... so in case there is an issue at some point, I should be able to force "RE-REGISTER" MFA?