SOLVED

MCAS portal & MFA

%3CLINGO-SUB%20id%3D%22lingo-sub-1503370%22%20slang%3D%22en-US%22%3EMCAS%20portal%20%26amp%3B%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503370%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20possible%20to%20enforce%20MFA%2FConditional%20Access%20for%20external%20users%20who%20have%20been%20given%20access%20to%20MCAS%20portal%20through%26nbsp%3BSettings%20--%26gt%3B%20Manage%20admin%20access%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20Azure%20ATP%20this%20is%20pretty%20straight%20forward%20as%20you%20have%203%20groups%20named%20%22Azure%20ATP%20%3CTENANT%20name%3D%22%22%3E%20Administrators%22%2C%20....%20Users%2C%20...%20Viewers%20in%20Azure%20AD.%26nbsp%3B%3C%2FTENANT%3E%3C%2FP%3E%3CP%3EOn%20the%20other%20hand%20MCAS%20doesn't%20have%20any%20related%20groups%20in%20Azure%20AD%2C%20neither%20dedicated%20roles.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3CP%3EJan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1503370%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
New Contributor

Is it possible to enforce MFA/Conditional Access for external users who have been given access to MCAS portal through Settings --> Manage admin access ?

 

With Azure ATP this is pretty straight forward as you have 3 groups named "Azure ATP <tenant name> Administrators", .... Users, ... Viewers in Azure AD. 

On the other hand MCAS doesn't have any related groups in Azure AD, neither dedicated roles. 

 

Kind regards,

Jan

2 Replies
Highlighted
Best Response confirmed by jcescut (New Contributor)
Solution

@jcescut 

 

I've had a quick look around and must admit that I can't find anything obvious for this as you say.  The external users invited to access MCAS have no obvious presence in Azure AD from the inviting tenant like a guest account.  Looks like it's not something you can set just yet.

Highlighted

@PeterRising : thanks for your reply. At least I know I'm not missing something obvious. :)