We use B2B guest users and need the guests to only have access when they have access to their company domain email inbox.
Some B2B guests get around this by setting up Microsoft accounts using their company email address when their company isn't an Office 365 tenant. If they create a personal MSA account with their work email address. This Microsoft account remains active even when their employers deletes their domain account.
When a user is accepting and invite to be a B2B guest with us and has a Microsoft account, they are not even given the option to use OTP one-time password codes to confirm access to their mailbox before they access our resources as a B2B guest. All verification that they are still affiliated with their company is just thrown out at that point.
What options are available to tenants that accept B2B guests to prevent guest use of rogue Microsoft accounts?
We would like to require that guests either use Work accounts or OTP, but there is no option available to do this.
Is there anything we can do on our end to automatically deny requests for B2B guest accounts that are coming from MSA accounts?
Is there anything their employers can do to prevent their domain email addresses from being used for creating personal Microsoft accounts?
What other options are available to mandate that B2B guests only have access when they are active employees of their affiliate company?