How can a Teams guest change second factor authentication method if not a Microsoft account?

Super Contributor

Scenario:  Tenant requires guests to provide a second factor of authentication, either MS Authenticator or SMS challenge.  A guest is invited to a Team via their Gmail account.  

 

Question:  Once a guest chooses a 2fa method on initial account creation, how do they modify their authentication method or add another method?  The Additional security verification page referenced in the Change your two-step verification method and settings documentation does not allow non-Microsoft accounts to log in.

2 Replies
You have to be signed in to the tenant where you are a guest. For example, if you go here https://myapps.microsoft.com/ with that Gmail account (which has an underlying MS account) and then click on the org. icon in the top right corner and then "Manage organizations" at the bottom right it will take you to the https://myaccount.microsoft.com/ where the security info can be updated.
Thanks for the response, Christian - Yeah, I found some other ways as well a few hours after I posted this yesterday. You can also go to Manage account in Teams, but you have to use sign in options and type in the domain of the org you're working with.

The overall issue we have is, we have to use a CA policy to block guest access to services in the tenant that aren't approved for guest access (i.e., Power Platform). To do this, we use a block all / exclude Teams service dependencies for guest accounts. Problem is that also blocks access to the My Account panel, and in CA, there's currently no way to exclude that.