The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Active Directory!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

MFA for Guest accounts RRS feed

  • Question

  • so I have an enterprise application set up in AAD for an on premises app. AAD authentication works great for both my users and guest users. Outwith our locations MFA is required, again it all works as should however I have been asked if it is possible for the primary MFA authentication method for guest accounts to be set to their company email. The reasoning behind this is that these guest users work for third party organizations. I have no visibility into these so if a guest user leaves their organization (and then starts working for a rival) I don't know. If that guest user uses the microsoft app then they still could get access to our application. If they have to use email there is a very good chance that they would no longer have access to their company email and therefore could not complete MFA. 

    My thought is that what is being asked is not actually possible but i would like to know if anyone has a workaround or any suggestions on how to handle this.

    Tuesday, October 8, 2019 10:09 AM

All replies

  • As of today, the MFA (second factor authentication) is only via the following methods - Notification through mobile app, Verification code from mobile app, Call to phone and Text message to phone.

    However, before getting to the MFA challenge, users would have to use the email/login credentials. So if you have these guest users use their company email to for the login, they would not be able to get to the MFA challenge if they do not have access to their login credentials.

    Let us know if that helps or if you need further help.

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Wednesday, October 9, 2019 5:30 AM
  •  Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions. Thanks

    Friday, October 25, 2019 10:48 PM