Feb 17 2017
- last edited on
Jan 14 2022
I'm excited about the new introduced features and I immediately tried it out. What my customer are looking for is to enhance the external collaboration on their SharePoint Online. I want to enforce MFA for all or selected external users. The users are already added to the AAD the SPO belongs to (owner tenant). I've enabled a conditional policy in the new Azure Portal for the enterprise application named "Office 365 SharePoint Online" but even after an our for potential sync between AAD and SharePoint the policy is not working. I tested the MFA enforcement with a basic ASP.NET app hosted and registered as an enterprise app in the same tenant. The policy is working if enabled for this app. The external user had to enroll using MFA and the access is granted as expected. I then changed the policy to not select specific apps but the apply to all apps in the tenant. But also without any noticeable results even after some time passed.
Is it a bug? A feature? Or a topic on the roadmap? Any ETA? It is a really important app in the AAD ecosystem and respecting the AAD policies would be beneficial if not mandatory!
Feb 23 2017 08:28 PM
Feb 27 2017 10:57 AM - edited Feb 27 2017 11:01 AM
Marco - can you try the instructions I have included here to enable MFA for SPO and let us know if it works for you?
Let’s say the goal is: MFA for guest users only, accessing SPO
Feb 27 2017 11:10 AMSolution
Feb 27 2017 11:25 AM
My (LAB) tenant is configured as first release and the DM is send already with my tenant name and ID. So glad a solution is already available and also scheduled for a nearby release :) Once I have the fix enabled in my tenant I will write back and mark your reply as the answer.
Apr 04 2017 09:21 AM
We have been informed by the SharePoint online team that during their private preview they have discovered an issue with this that has caused them to roll back this change. They hope to be able to deploy the fix by end of April. Please stay tuned.
Apr 17 2017 07:52 AM
Hi Sarat - Is the planned update still end of April and how will it be communicated?
Apr 24 2017 09:55 AM
Apr 19 2018 10:43 AM
what if we aren't on First Target Release? what do we do for conditional Access?
Jun 25 2018 03:18 PM
The feature is STILL not active.
...any updates.....it's been quite a while......
Sep 11 2018 01:47 PM
any update on this Sarat? We are looking to force our external users to use MFA and its been a long while since this was "coming". Does anyone have a solution? (I am looking for B2C - for an external user using their gmail or generic work accounts) Thanks in advance.
Sep 11 2018 03:42 PM
i too would like to know.
it is not easy to keep up with roadmap items on o365.