SOLVED

MCAS portal & MFA

%3CLINGO-SUB%20id%3D%22lingo-sub-1503370%22%20slang%3D%22en-US%22%3EMCAS%20portal%20%26amp%3B%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503370%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20possible%20to%20enforce%20MFA%2FConditional%20Access%20for%20external%20users%20who%20have%20been%20given%20access%20to%20MCAS%20portal%20through%26nbsp%3BSettings%20--%26gt%3B%20Manage%20admin%20access%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20Azure%20ATP%20this%20is%20pretty%20straight%20forward%20as%20you%20have%203%20groups%20named%20%22Azure%20ATP%20%3CTENANT%20name%3D%22%22%3E%20Administrators%22%2C%20....%20Users%2C%20...%20Viewers%20in%20Azure%20AD.%26nbsp%3B%3C%2FTENANT%3E%3C%2FP%3E%3CP%3EOn%20the%20other%20hand%20MCAS%20doesn't%20have%20any%20related%20groups%20in%20Azure%20AD%2C%20neither%20dedicated%20roles.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3CP%3EJan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1503370%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1504740%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20portal%20%26amp%3B%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1504740%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F717318%22%20target%3D%22_blank%22%3E%40jcescut%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20had%20a%20quick%20look%20around%20and%20must%20admit%20that%20I%20can't%20find%20anything%20obvious%20for%20this%20as%20you%20say.%26nbsp%3B%20The%20external%20users%20invited%20to%20access%20MCAS%20have%20no%20obvious%20presence%20in%20Azure%20AD%20from%20the%20inviting%20tenant%20like%20a%20guest%20account.%26nbsp%3B%20Looks%20like%20it's%20not%20something%20you%20can%20set%20just%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Is it possible to enforce MFA/Conditional Access for external users who have been given access to MCAS portal through Settings --> Manage admin access ?

 

With Azure ATP this is pretty straight forward as you have 3 groups named "Azure ATP <tenant name> Administrators", .... Users, ... Viewers in Azure AD. 

On the other hand MCAS doesn't have any related groups in Azure AD, neither dedicated roles. 

 

Kind regards,

Jan

2 Replies
Best Response confirmed by jcescut (Occasional Contributor)
Solution

@jcescut 

 

I've had a quick look around and must admit that I can't find anything obvious for this as you say.  The external users invited to access MCAS have no obvious presence in Azure AD from the inviting tenant like a guest account.  Looks like it's not something you can set just yet.

@PeterRising : thanks for your reply. At least I know I'm not missing something obvious. :)