MFA and Guest Access

Iron Contributor

As it stands right now, if I include guest users in my MFA requirements (via Conditional Access), they are required to set up MFA for our tenant specifically, in addition to the MFA they have for their own tenant. What I was expecting to have happen when I added a guest was that our MFA requirement made sure that they had MFA enabled on their account, not that it would have a separate MFA policy unique to our tenant. Is there a way to tweak this? If they've already proved their identity with two forms of authentication, why should they need to prove it again with a third? But I definitely want to make sure that guest users have MFA somewhere along the authentication chain, which presumably means that I can't remove them from the CA policy.

6 Replies
It's how it works currently. And there are changes coming in this space, so stay tuned.

@Vasil Michev Wow - we're just starting a project activating MFA for 10,000+ Guests and we suspect it will be chaos since the guests are not really supported by us but use our apps. But if you tell us change is coming here and we should wait - please tell us a liiiitle bit more? ;)

I'm sure you will hear a lot about it at Ignite next month :)

did this ever get resolved


@Jason Tenpenny 

what was said?
best response confirmed by ChristianJBergstrom (MVP)
1 best response

Accepted Solutions