Forum Discussion
NadineOtto
Feb 23, 2021, Copper Contributor
External Guest invited to Team, after some days, MFA dialog is asked during login. Turn off?
Hi there,
we have a very new (few days old) Microsoft365 tenant (ms365 business standard, with two ms365 users and an additional unlicensed administrator account). We created a few teams inside Microsoft-Teams and wanted to add an external user to a team (invite via email address of this external user).
The guest user received an email, could log into the Teams web-page (only using browser application, not native Teams application), entering the one time email code and then browsing around inside the teams resources. So far so good.
Today, all of a sudden, the login page of the Microsoft-Teams web-page, for this guest user, now presents this MFA kind of question, which you can postpone for 14 days only.
We have already checked in the azure admin portal about those security-default stuff and we have already disabled them on the very first day of this new microsoft365 tenant. (organisation level azure security settings).
We have also found this very discussion here on techcommunity: https://techcommunity.microsoft.com/t5/microsoft-teams/switch-off-two-factor-authentication/m-p/1231522
but which didn't help at all, as we already turned off that "security defaults".
How can we get rid of this MFA stuff for our guest, as we also wanted to add a number of more guests and we are at the beginning of testing and want to create a stable and clean situation right from the beginning.
Thanks for helping.
- ChristianBergstrom, Silver Contributor
NadineOtto Hello, was about to write it's probably the Security Defaults but you have obviously disabled that. Anything under "Password reset" in AAD? The subscription you use does not include CA either so it can't be that. Can't say really what's happening here. Perhaps another member will reply.
- NadineOtto, Copper Contributor
Thanks for the reply, yes we pretty much immediately came across those security defaults and decided to turn that off in the main azureactivedirectory admin center, as far as we understand that would be a good thing to protect admin accounts. We only have a very small microsoft365 tenant or what these special vocabulary and wordings are, we only have two real paid-for business standard users on the microsoft365 and started a few days ago only. We then tried to invite a guest and do some early testing.
I didn't check for that azure password reset stuff yet, but I think we did not really re-configure or change settings at all after the initial basic ms365 setup and introduction via the admin centers. We visited the teams admin center and the main admin center, created the two ms365 users there. We logged into both of these users via web-browser only, we created some basic teams team, then some channels in there, and invited this one guest (ourselves with a fresh external mail address on a different domain). On the first login of this first guest everything seemed normal. Login procedure was with a single email-code and then a normal user-set password.
Just recently we invited some second guest to a team/channel, and this second guest now immediately receives this 14 days warning and mfa method hint. The dialog box is in our local language/locale (german) and it reads that microsoft has activated security standards to protect our account and there is that postpone for 14 days link, then there are two links about documentation of security standards, select a different account and that continue button in blue.
We also compared this new experience with early summer last year when we started with a different microsoft365 tenant back then, also the same business standard product as far as I can tell, with 12 or 14 users meanwhile, and we didn't have this kind of security standards hassle or mfa stuff on that microsoft365 tenant last year and not till this day even if I am not completely mistaken. Also same country (germany) and pretty much same everything. It's a different tenant/customer/client, so not related to this situation here.
Wondering what's going on here 😞
Thanks.
- ChristianBergstrom, Silver Contributor
Sounds odd, as if the security defaults is still active. If the prompt doesn't say "more information required" it's not the SSPR prompt I meant. *edit* just read per-user MFA isn't possible for guest users, only using conditional access (cannot test to verify). If so, perhaps best to open up a support ticket.