'Is it possible to enable MFA for the guest users?

I have created guest users in my Azure AD tenant by sending invitations via email following this link https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal.

The guest users are added to my tenant once they accept the invitation. Now I have assigned some applications to the guest users that they can access.

To enhance the security, I want to enable two-factor authentication for the guest users when they are accessing the application. Is it possible to enable MFA for the guest users? If yes, can anyone guide me with the steps

azure-active-directorymulti-factor-authentication


Solution 1:[1]

Yes, it is possible to enable MFA for guest users.

To achieve your requirement, please follow the below steps:

  • Make sure whether you have Azure AD premium P1 or P2 license which is necessary to create conditional access policy.
  • To create conditional access policy, Go to Azure portal -> Azure Active directory -> Security -> Conditional access -> Policies -> New policy.

enter image description here

image2

In Grant tab, Select "Grant access" and Check mark "Required Multi factor authentication". Enable policy by selecting it On and Create.

enter image description here

I have tried in my environment, after creating policy I signed in as a guest user from Incognito window and it prompted for two factor authentication like below: enter image description here

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Synapse external table "Unauthorized"

How to redirect from VB.NET legacy web application login page to azure portal to validate azure ad with MFA

Receive a request when Azure AD User receive a call

Can I use SVG within a customized the Azure AD B2C user interface?

Connecting to Dynamics 365 TDS-enabled database with OLEDB Linked Server

How do I define the SignedOut page in Microsoft.Identity.Web?

Azure AD API request 401 Unauthorized

Using multiple authentication providers in C# .net core

Active directory check if user belongs to a group

Web API with Microsoft Identity Platform Authentication

azure ad authentication issue with razor handlers

How to open the file on browser instead of downloading in local that is stored in Azure Data lake Gen 2

Error - Intent filter for: BrowserTabActivity is missing. While using AzureAD MSAL Lilbary

Azure AD B2C - Supporting a daemon app along with B2C clients such as Web page and native mobile app

what is role of User did in Verifiable Credentials ? did:ion:username and when user did will generate?