In the current Conditional Access policy I can select All guest and external users (Preview) instead of All guest users (Preview). I've tested with External User sharing in OneDrive, but users are not prompted for MFA. Users just had to put in a verification code sent through email, which is the default flow. What is the definition of an external user, and how does this work with MFA?
@BakkerJan
Thanks for your feedback! We will investigate and update as appropriate.
@msmimart can you please help here.
Any update to this? We are testing out cloud MFA for external users accessing shared OneDrive docs from our organization and we are experiencing the exact scenario that BakkerJan outlines.
We also need info on this, since Microsoft Partners are now obligated to enforce MFA for all users, guests included, with baseline policies that will be replaced with security defaults.
Need a fix for this, please. MFA is core to all access. Please update or provide a workaround.
@msmimart any update?
Thanks for your patience, apologies for the delay -- SharePoint guests aren’t always B2B guests and therefore don't always authenticate through Azure AD, in which case Conditional Access wouldn't factor in. As a workaround, you can turn on the SharePoint public preview feature to always create B2B users for sharing so those users will always go through Azure AD authentication, including Conditional Access as appropriate.