External users and Office365 Groups, What about 2FA?

Brass Contributor

At the last Tech Summit in Amsterdam there were several topics regarding Office 365 groups and the use of this infrastructural object with teams, outlook groups and planner etc.


It was mentioned that with outlook groups it was easy to add external users i.e. with a gmail account. Of course this would be wonderful. However there is a big question coming up.


With this new groups a lot of extra's come in, like the use Sharepoint. A Sharepoint site is added when setting up a manifestation of a group. As a company we have restricted acces policies on Sharepoint and we enforce 2FA on our emloyees when accessing form outside our premises.


We want to enforce 2FA also on external users of this new manifestations of Office365 groups, especially when the members are sharing our company's documents. What are the possibilities to enforce 2FA on our "guest members"?


With kind regards, Jaap Slot


PS. 2FA should be a available label

4 Replies

Hi @Jaap Slot,


Unfortunately this is not (yet) supported. To use your own 2FA solution for guest users, you will need to add externals to your corporate directory and block employees to directly invite guests.


We have implemented this for SharePoint Online but at the moment these 'on-premise managed external users' are only supported in SharePoint Online and not in Office Groups or anywhere else in Office 365. The specific guest setting 'Allow sharing only with the external users that already exist in your organization’s directory' is only applicable to SharePoint Online.


We have an outstanding feature request for this with Microsoft and I would recommend you do the same.


Feel free to contact me directly if you want more information.

Hi @Joost Koopmans

I posted this idea on uservoice:

"With the aquisition of LinkedIn a lot of identities are in reach. Maybe it will be possible to enforce only LinkedIn users with 2FA when trying to acces a customer tennant of O365?"

This could solve a lot of problems,..

@Jaap Slot, interesting concept, but I can imagine this will take some time for Microsoft to get adopted and implemented.

Today a Microsoft Operations Day. A lot of attention to security. Talking about red and blue teams. I guess 2FA is on a different team than O365 Groups, or the blue team on O365 hasn't looked upon O365 Groups and the validation of external users,..