MFA Required Conditional Access and External Guest


I am just venturing into Conditional Access Policies. Other than Legacy Auth (there is a separate discussion on that), the other policy is MFA enforcement. Up to this point I have all our employees set to enforce from the MFA page under O365. I want to make this across the page, so I do not have to keep enabling this for new employees. However, I do not at this point want external users impacted that share content between OneDrive and SPO. So, on the CA policy, I selected include "select users and groups" then selected a group that contains ALL of our employees. Is there anything else I need to do, and will this be enough? Eventually, I will add external guest accounts, but I will have to run that through change control so that all our employees are aware of that change.

1 Reply
That should do it, or alternatively you can go the opposite direction - add an Exception to your rule to exclude "All guest and external users".
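
The two scoping options discussed above, written as a Microsoft Graph PowerShell sketch. This is an added example, not code from either poster. The group object ID is a placeholder, and the display name and the `New-MfaPolicyBody` helper are hypothetical. The policy is created in report-only state so its effect can be reviewed before enforcement.

```powershell
# Added example: assumes the Microsoft.Graph PowerShell module is installed
# and the signed-in admin is allowed to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

# Placeholder: object ID of the group that contains all employees.
$employeeGroupId = '<ALL-EMPLOYEES-GROUP-OBJECT-ID>'

# Variant A (the question): include only the employee group.
$usersIncludeGroup = @{
    includeGroups = @($employeeGroupId)
}

# Variant B (the reply): include all users, exclude guests and external users.
$usersExcludeGuests = @{
    includeUsers = @('All')
    excludeUsers = @('GuestsOrExternalUsers')
}

# Hypothetical helper: builds the policy body around a given user scope.
function New-MfaPolicyBody {
    param(
        [string]$DisplayName,
        [hashtable]$Users
    )
    @{
        displayName   = $DisplayName
        # Report-only: sign-ins are evaluated and logged, nothing is enforced.
        state         = 'enabledForReportingButNotEnforced'
        conditions    = @{
            users          = $Users
            applications   = @{ includeApplications = @('All') }
            clientAppTypes = @('all')
        }
        grantControls = @{
            operator        = 'OR'
            builtInControls = @('mfa')
        }
    }
}

# Pick one variant; swap in $usersIncludeGroup to scope by group instead.
$body = New-MfaPolicyBody -DisplayName 'Require MFA - employees (example)' -Users $usersExcludeGuests
New-MgIdentityConditionalAccessPolicy -BodyParameter $body
```

Variant A covers a new employee only once the account is a member of the group, while Variant B covers every non-guest account as soon as it exists.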