"More information required" in partner tenant?

New Contributor

I'm getting the dreaded more information required when our users sign into partner tenants.  Note, this is a client tenant so I'm hesitant to ask them what is going on....seems odd.

 

We have MFA enforced, and conditional access policies, but when we sign into resources in their tenant it is requiring MFA?  I don't understand why we can't use the original MFA setup.

 

Note, we do not use default security policies in our tenant, do not allow password changes via OWA, etc. either.

 

 

4 Replies

This is not necessarily MFA related, might simply be the SSPR registration flow. In any case, best complete it.

Hi @meggerz , good morning. 

 

You can avoid this configuring Security groups on SSPR for the users you want to secure. I recommend give all users the possibility to change their own password from Office 365. If you are using Azure AD Connect and write-back options, this can update their passwords on-premises as well and works really well. 

 

You can find more info here. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

 

I hope this can help you. 

 

Good luck!

I should have mentioned the second screen it brings us to....  See attached.

 

 

I wanted to run through it further today but got a new error - we were flat out denied.  I'm wondering if it is conditional access on their end.

 

Regardless, I'd like to understand how using SSPR is really applicable to this?  Is it that they may be requiring a password reset via conditional access to their tenant upon first access?  I read it can also be that default security settings are not enabled.  I do not have them on my tenant, but is it possible they are enabled on the client tenant?

 

I'm super hesitant to turn on SSPR and default security settings.

Hi @meggerz !

 

Well, the screenshot is the option to configure MFA. You have a couple of options here, like TEXT or Calls. Also you can deploy Hardware Tokens. 

 

From the MFA configuration options in Azure AD you can enforce what method you want to user within your organisation. 

 

SSPR will allow the users to change their passwords from Office, but they need to meet with at least 2 requirementes: MFA configured and an external email address (not company address). With this 2 options the users can change the pasword themselves. 

 

Here you have info about MFA options_Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs 

 

Here you have more info about SSPR_ Self-service password reset deep dive - Azure Active Directory | Microsoft Docs

 

I hope this can help. 

 

Good luck!