Feb 09 2024 04:49 AM
Hi,
I plan to enable template for Conditional Access for GUEST and External users to be forced for MFA. I just cant find answer whether this will affect also external users that we have shared SharePoint folders with? Will they be asked to user/register with MFA? ... or it will affect only users that are GUESTS members in our Entra?
Thank you.
Feb 09 2024 05:47 AM
SolutionHi @sumo83,
When you start using this template all external users will be included, see screenshot below. That means that all authentication to Entra that is not from a member user will be affected by this conditional access rule.
So to concretely answer your question: Yes this also applies to external users with whom you have shared an SP folder.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Feb 09 2024 09:02 AM
Feb 09 2024 03:57 PM
@sumo83 It depends who you share with and what platform he is on.
Feb 09 2024 03:59 PM
Feb 10 2024 02:25 AM - edited Feb 10 2024 02:26 AM
may I have one more question please...
as the external user is not a guest in our MS Entra.... how the MFA will work for him? Or will enabling MFA cause that also external users that are not a GUESTS will be added as GUESTS to our Entra?... Lets say that they will have issue with MFA at some point, on which site it needs to be fixed?
If they are as Guests showing in our Entra, i know their the MFA is managed by our Entra... But if I share it externaly via link, and they are not GUESTs in our Entra.... how MFA works in that case?
Trying to search for some good documentations and trainings... but these are not really answered there... :?
Feb 11 2024 02:42 AM
To enforce MFA through Conditional Access for users, it's necessary to activate the Entra B2B integration for SharePoint and OneDrive. In cases where SharePoint External Sharing is utilized, users authenticate by entering a verification code sent to their email. My personal advice is to opt for the Entra B2B integration, as it offers extra security enhancements. Check this > Microsoft Entra B2B integration for SharePoint & OneDrive - SharePoint in Microsoft 365 | Microsoft ...
Feb 28 2024 08:01 AM
Feb 28 2024 01:22 PM
Correct @sumo83. Just make sure that Email OTP is enable in Entra (should be by default).
Log into the Microsoft Entra admin center with Security Administrator or higher privileges. Navigate to Identity > External Identities > All identity providers and choose Email one-time passcode from the list of identity providers. Make sure that the value is set to Yes.
Feb 09 2024 05:47 AM
SolutionHi @sumo83,
When you start using this template all external users will be included, see screenshot below. That means that all authentication to Entra that is not from a member user will be affected by this conditional access rule.
So to concretely answer your question: Yes this also applies to external users with whom you have shared an SP folder.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,