Conditional Access - Require MFA for Guest Users

Hi - we have set up guest access on Azure AD and require all guest users to use MFA.

We have set up a conditional access policy that uses the built-in "All guests and external users (preview)" option for the users to be included. This part works perfectly. However, it appears that in order to achieve this, there is a dynamic group created called "All External Users". As you'd guess, this has all of the guest users listed in it.

The problem comes when the guest user logs into the Access Panel (the portal they get to from the invitation email) and it shows them the Groups that they are members of. The first group is "All External Users" and it shows all of our external users - some of which are competitors - to the logged in guest user. Can this specific group be hidden from guest users?

2 Replies
Hi Pete, I believe guest users can see your directory members. Try this:
- Go to Azure Active Directory -> User Settings -> Manage external collaboration settings
- Check if the "Guest users permissions are limited" setting is configured to "yes"; if not, please change it.

Hi @Corsino, thanks for your response. I've checked the "Guest users permissions are limited" setting, and it is already set to "Yes".
