Forum Discussion
Guest User gets MFA registration in my tenant, while having MFA in own tenant?
Afaik it's by design, the reasoning being that the "resource" tenant can have specific requirements with regards to MFA, with no guarantee they will be satisfied within the "home" tenant.
VasilMichev Thank you!
I thought about this reason. But why is it different from e.g. MAM/MDM, where you require a minimum of security settings (updated, pin set, no jailbreak, etc.) before accessing your files? So, if the user doesn't have a pin code, you require him to set a pincode to unlock his device. And if he has a pincode but it's 4 digits and you require 6 digits, then the user has to change his pin. It's not like he's getting a second pincode.
Same for MFA. If the user has already installed Microsoft Authenticator with this Azure AD account, then don't give him a second setup. Just use the setup that belongs to his "home" account.
1 username, 1 password, 1 MFA. That's already complicated enough to understand.