Jan 22 2020 10:06 AM
Jan 22 2020 10:06 AM
I'm using Teams with two different organizations, but a single O365 account.
With my home organization, I have multi-factor authentication that has options to call/text my cell phone, call my home phone, call my office phone, or use Microsoft Authenticator, and I can successfully pick the 2nd factor for whereever I am (in office, home, or on the road with my mobile). Everything is great!
I also work with a second organization who also uses Teams, and they added me to their team with my home organization O365 account, but they also require multi-factor authentication.. So when when I first logged in, I specified my home organization email and password and then I was prompted to set up MFA.. I was on the road at the time, so I specified my mobile for the 2nd factor, and everything seemed to be fine, I could log in to both organizations' Teams sites and work..
The problem however showed up later: when I was back in the office, I tried logging into our partner organization again, and this time, it said it had sent a code to my mobile (we can't bring our mobiles into the building where I work), but I had no options to use any of my other MFA options, it could only use my cell phone as the 2nd factor.. OK, so run out to my car to get the code and run back in to find out that the validity period had expired, tried again several times and finally got in.. Went to the account settings where the option to change multi-factor authentication settings was, and Teams sent me to my home organization MFA setup page, where all of my MFA options were already provisioned (office phone, home, mobile, MS Auth). I changed the default to office phone, but when I logged out of our partner organization and tried to log in again, the 2nd factor was still my cell phone and no other options were available.
The admin at the partner organization says he has no options available to him to change my settings, and my home organization admin has confirmed that as far as he can tell, everything is set up properly.. Does anyone out there have any clue to how I can get the MFA settings for the 2nd organization to respect my home organization O365 MFA options, or if there's a way to get to a settings page for the 2nd organization specifically (again, even when I am logged into the partner organization's Teams site, the account settings options always send me back to my home organization's options, but the problem is that my preferences don't seem to be propagated back to the partner org)??
Jan 22 2020 11:24 AM
Aug 02 2021 01:54 PM
Aug 03 2021 01:07 AM - edited Aug 03 2021 01:54 AM
Hi, try this resolution https://stackoverflow.com/questions/63079154/how-does-a-guest-user-reset-their-ms-authenticator-mfa-...
Adding these so you can verify your settings.
Btw, if no luck reach out to the guest orgs admin to have them enabling your account for re-registering MFA.
Found this on the topic, you should vote on it to stay updated when status changes B2B Scenario - the B2B Guest User should use the MFA or their autheticating tenant – Azure Product F...
Jul 11 2022 12:20 PM - edited Jul 11 2022 02:53 PMSolution
Adding to this old topic as we now have a Trust MFA check box in the Cross-tenant access settings in Azure AD. In preview but works great.