Forum Discussion
External Guest invited to Team, after some days, MFA dialog is asked during login. Turn off?
Thanks for the reply, yes we pretty much immediately came across those security defaults and decided to turn that off in the main azureactivedirectory admin center, as far as we understand that would be a good thing to protect admin accounts. We only have a very small microsoft365 tenant or what these special vocabulary and wordings are, we only have two real paid-for business standard users on the microsoft365 and started a few days ago only. We then tried to invite a guest and do some early testing.
I didnt check for that azure password reset stuff yet, but I think we did not really re-configure or change settings at all after the initial basic ms365 setup and introduction via the admin centers. We vistited the teams admin center and the main admin center, created the two ms365 users there. We logged into both of these users via web-browser only, we created some basic teams team, then some channels in there, and invited this one guest (ourselves with a fresh external mail address on a different domain). On the first login of this first guest everything seemed normal. Login procedure was with a single email-code and then a normal user-set password.
Just recently we invited some second guest to a team/channel, and this second guest now immediately receives this 14days warning and mfa method hint. The dialogbox is in our local language/locale (german) and it reads that microsoft has activated securitystands to protect our account and there is that postpone for 14days link, then there are two links about documentation of security standards, select a different account and that continue button in blue.
We also compared this new experience with early summer last year when we started with a different microsoft365 tenant back then, also the same business standard product as far as I can tell, with 12 or 14users meanwhile, and we didnt have this kind of securit standards hassle or mfa stuff on that microsoft365 tenant last year and not til this day even if I am not completely mistaken. Also same country (germany) and pretty much same everything. Its a different tenant/customer/client, so not related to this situation here.
Wondering whats going on here 😞
Thanks.
Sounds odd, as if the security defaults is still active. If the prompts doesn’t say ”more information required” it’s not the SSPR prompt I meant. *edit* just read per-user MFA isn't possible for guest users, only using conditional access (cannot test to verify). If so, perhaps best to open up a support ticket.
- Where do I find this legacy per-user MFA? TY.
- You can get there from the Azure portal and M365 admin portal.
Using the Microsoft 365 admin center, in the left nav choose Users > Active users.
On the Active users page, choose Multi-factor authentication.Thanks for that hint to this yet another admin center ;).
Arriving at the multi factor place at: account.activedirectory.windowsazure.com
I see all our users listed there, the guests with their external email addresses as well. And the column multi factor authentication status, is for all users, set to disabled.
What now? Confused. Thanks.