CEL_RK
Brass Contributor
Joined 9 years ago
Recent Discussions
Entra External ID (External Tenant) employee login question
Hello,

We are creating an app for our customers. We have created an External ID Tenant for our customers to live in. We have set everything up and things are working as expected for the customers.

I am struggling with the right settings for our employees to log in and manage/administrate inside the application. They currently have to MFA in twice when logging into this app using the same page that our customers use to log in. I have added these users as guests in the External ID tenant so that they can use the same credentials as our Work-Force tenant. This works, but as I said, they MFA in twice: once for our Work-Force tenant, and once for the External ID tenant.

I do have a conditional access policy set up to force MFA on anyone who has admin access to the External ID tenant, but when logging into our application, you have to MFA in EVERY time. When logging into Azure, it's very different. It seems to cache that I'm logged in, and/or cache that I've previously passed MFA, and doesn't require it again.

I have multiple questions:

How can I stop having 2 MFA prompts every time an employee/admin logs into our application and keep things secure? I assume I could disable MFA on external guest accounts to get rid of one MFA prompt. My concern is that there is a way to directly log into the External ID tenant and bypass our Work-Force tenant, which requires the MFA. Is there a way to disable MFA from my Work-Force tenant when logging into the app registered in the External ID tenant?

Why is the app not operating like Azure Authentication? Shouldn't it keep my session open just like Azure does unless I log out or time out? Why does it not remember that I've previously satisfied MFA from my location? Is this something a developer needs to look at?

I'm open to other suggestions as well to accomplish this. We are trying to avoid our tech support staff and other admins from having to MFA in twice when they access the admin section of this application.

Exchange Online - Safe List Confusion
Hello,

We just switched from Mimecast to Microsoft Defender for Office 365 (ATP). I'm a little confused about best practice with using Microsoft's SPAM filters (I had a similar question with Mimecast as well).

Why does Microsoft say it's best practice to not add email addresses to the safelist (per documentation), yet prompts the users to add email addresses to their own safelist? Our users get prompted if they want to trust the sender in order to see HTML images in email. I assume this does the same thing as the global safe/allow list and bypasses some of the filtering in place.

Thanks

Solved