Forum Discussion

MohFarah's avatar
MohFarah
Copper Contributor
Nov 06, 2023

MFA on specific Microsoft Teams meetings for external

I have a specific scenario that others may have encountered in the past.

 

Scenario:

 

The client I'm working for is a healthcare center that treats people from various places around the world for cancer. The doctors have Teams meetings with external parties to discuss patient information and healthcare plans, which are highly sensitive and should not be recorded.

Internally, there was a question regarding Multi-Factor Authentication (MFA) and external guests in these meetings. The question is, can we apply MFA specifically for external participants in these meetings between internal and external doctors? I'm aware that there are options related to Conditional Access (CA), but as you can see from the question, this is a very specific scenario. Is this technically possible?

 

  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor

    Hi MohFarah,

    in this specific scenario you've described, where a healthcare center conducts sensitive Teams meetings with external participants, and there is a concern about applying Multi-Factor Authentication (MFA) specifically for external participants, the technical options are limited within the standard Microsoft Teams settings.

    Here's how you can reolsve your scenario:

    1. Conditional Access for MFA: You can use Conditional Access policies to enforce MFA for specific groups of users or all users. However, this control is generally applied at the user level and not at the meeting level. So, while you can require MFA for all users or specific groups, it will apply to their overall access to Microsoft Teams, not just to individual meetings.

      This means that if MFA is enforced for external participants, it would apply to all interactions within Microsoft Teams, not just specific meetings.

    2. Meeting Policies: Within Microsoft Teams, you can control certain aspects of meetings using meeting policies. While you can restrict the ability to record meetings or present in meetings, you can't use meeting policies to selectively enforce MFA for external participants in specific meetings. Meeting policies are generally applied globally or to specific users or groups.

     

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

    • MohFarah's avatar
      MohFarah
      Copper Contributor
      Thank you for you reply regarding my question.
  • MohFarah You can kinda achieve this, but perhaps through combining multiple controls in Teams. The point is that MFAs purpose is to validate a user account, and by default Teams allows anonymous users to enter a meeting without an account.

     

    The first step would be to consider limiting who can join meetings, the Teams Meeting Policy setting for Anonymous Users Can Join a Meeting will prevent that user inviting anyone that isn't more known to the tenant, either as a member of the tenant or an invited guest. These policies are applied to users, so perhaps you assign them to a group of users that work with sensitive information.

     

    Next you need to invite your external doctors as guests, which creates an identity for them in your tenant, and you can use Conditional Access to require them to enrol and use MFA to authenticate.

     

    So in combination you can have meetings with only internal staff and external guests which have used MFA.

     

     

    • MohFarah's avatar
      MohFarah
      Copper Contributor
      Thank you for you reply regarding my question. I will check this out.

Resources