Dec 02 2021 03:31 AM - edited Dec 02 2021 03:50 AM
We enabled MFA for guest accounts in a conditional access policy. I tested it 2 weeks before with some private Gmail and Hotmail accounts and SharePoint. It was working fine. The guest accounts needed to do the MFA configuration and authentication.
Now I see that some guest accounts receive the one-time passcode. I know this feature was just rolled out by MS in November and is enabled by default on all tenants. But what is the behaviour now with the one-time passcode and MFA for guest accounts? Do they get both or just one?
One-time passcode authentication for B2B guest users - Azure AD | Microsoft Docs
See picture below for conditional access for all guest accounts:
Dec 02 2021 07:58 AM - edited Dec 02 2021 08:02 AM
@Kem_Mal Hello, these are two different things. You have the CA enforcement of MFA configured for your external users according to the dump, and then you have the auto-enabling of OTP which is best described by attaching this.
Let me add this for the redemption flow as well (the invite)
Invitation redemption in B2B collaboration - Azure AD | Microsoft Docs
Consider enabling this (the way going forward)
Azure AD B2B integration for SharePoint & OneDrive - SharePoint in Microsoft 365 | Microsoft Docs