cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can a Teams guest change second factor authentication method if not a Microsoft account?

DaveTheTeamsGuy
Iron Contributor

‎Jan 11 2023 12:21 PM

‎Jan 11 2023 12:21 PM

How can a Teams guest change second factor authentication method if not a Microsoft account?

Scenario:  Tenant requires guests to provide a second factor of authentication, either MS Authenticator or SMS challenge.  A guest is invited to a Team via their Gmail account.  

 

Question:  Once a guest chooses a 2fa method on initial account creation, how do they modify their authentication method or add another method?  The Additional security verification page referenced in the Change your two-step verification method and settings documentation does not allow non-Microsoft accounts to log in.

Labels:
3,106 Views
0 Likes
2 Replies
Reply
2 Replies
ChristianJBergstrom

‎Jan 12 2023 12:58 AM

‎Jan 12 2023 12:58 AM

Re: How can a Teams guest change second factor authentication method if not a Microsoft account?

You have to be signed in to the tenant where you are a guest. For example, if you go here https://myapps.microsoft.com/ with that Gmail account (which has an underlying MS account) and then click on the org. icon in the top right corner and then "Manage organizations" at the bottom right it will take you to the https://myaccount.microsoft.com/ where the security info can be updated.
0 Likes
Reply
DaveTheTeamsGuy

‎Jan 12 2023 01:32 AM

‎Jan 12 2023 01:32 AM

Re: How can a Teams guest change second factor authentication method if not a Microsoft account?

Thanks for the response, Christian - Yeah, I found some other ways as well a few hours after I posted this yesterday. You can also go to Manage account in Teams, but you have to use sign in options and type in the domain of the org you're working with.

The overall issue we have is, we have to use a CA policy to block guest access to services in the tenant that aren't approved for guest access (i.e., Power Platform). To do this, we use a block all / exclude Teams service dependencies for guest accounts. Problem is that also blocks access to the My Account panel, and in CA, there's currently no way to exclude that.
0 Likes
Reply