Forum Discussion

Jaap Slot's avatar
Jaap Slot
Brass Contributor
Mar 27, 2017

External users and Office365 Groups, What about 2FA?

At the last Tech Summit in Amsterdam there were several topics regarding Office 365 groups and the use of this infrastructural object with teams, outlook groups and planner etc.

 

It was mentioned that with outlook groups it was easy to add external users i.e. with a gmail account. Of course this would be wonderful. However there is a big question coming up.

 

With this new groups a lot of extra's come in, like the use Sharepoint. A Sharepoint site is added when setting up a manifestation of a group. As a company we have restricted acces policies on Sharepoint and we enforce 2FA on our emloyees when accessing form outside our premises.

 

We want to enforce 2FA also on external users of this new manifestations of Office365 groups, especially when the members are sharing our company's documents. What are the possibilities to enforce 2FA on our "guest members"?

 

With kind regards, Jaap Slot

 

PS. 2FA should be a available label

Office 365 Groups
SharePoint
  • JoostKoopmans1's avatar
    JoostKoopmans1
    Steel Contributor
    Mar 28, 2017

    Hi Jaap Slot,

     

    Unfortunately this is not (yet) supported. To use your own 2FA solution for guest users, you will need to add externals to your corporate directory and block employees to directly invite guests.

     

    We have implemented this for SharePoint Online but at the moment these 'on-premise managed external users' are only supported in SharePoint Online and not in Office Groups or anywhere else in Office 365. The specific guest setting 'Allow sharing only with the external users that already exist in your organization’s directory' is only applicable to SharePoint Online.

     

    We have an outstanding feature request for this with Microsoft and I would recommend you do the same.

     

    Feel free to contact me directly if you want more information.

    • Jaap Slot's avatar
      Jaap Slot
      Brass Contributor
      Mar 28, 2017

      Hi JoostKoopmans1

      I posted this idea on uservoice:

      "With the aquisition of LinkedIn a lot of identities are in reach. Maybe it will be possible to enforce only LinkedIn users with 2FA when trying to acces a customer tennant of O365?"

      This could solve a lot of problems,..

      • JoostKoopmans1's avatar
        JoostKoopmans1
        Steel Contributor
        Mar 28, 2017

        Jaap Slot, interesting concept, but I can imagine this will take some time for Microsoft to get adopted and implemented.

Resources