Forum Discussion
Guest User gets MFA registration in my tenant, while having MFA in own tenant?
Michiel van den Broek I mean I'm disappointed that it's not a "guide your user once in setting up MFA in their own tenant and don't worry about it when they enter a guest tenant". If my user gets an MFA setup every time he is invited in another tenant, then he is not enjoying collaborating and will return to simply sending files with email.
- VasilMichev, Nov 03, 2020, MVP
Afaik it's by design, the reasoning being that the "resource" tenant can have specific requirements with regards to MFA, with no guarantee they will be satisfied within the "home" tenant.
- Michiel van den Broek, Nov 03, 2020, Iron Contributor
VasilMichev Thank you!
I thought about this reason. But why is it different from e.g. MAM/MDM, where you require a minimum of security settings (updated, pin set, no jailbreak, etc.) before accessing your files? So, if the user doesn't have a pin code, you require him to set a pincode to unlock his device. And if he has a pincode but it's 4 digits and you require 6 digits, then the user has to change his pin. It's not like he's getting a second pincode.
Same for MFA. If the user has already installed Microsoft Authenticator with this Azure AD account, then don't give him a second setup. Just use the setup that belongs to his "home" account.
1 username, 1 password, 1 MFA. That's already complicated enough to understand.