Forum Discussion
Enforce MFA to external users
Is there any news on enforcing MFA to O365 external users when they will access externally shared SPO sites? Right now the challenge is we cannot enforce MFA on external users and MFA can be enabled ...
I was able to confirm that you can use Conditional Access Policies (features Azure AD Premium) to enforce MFA for external users on publicly shared SharePoint sites. External users must enroll in MFA immediately after signing in. An account is created in your Azure AD with the users email and some extra characters. For every 1 licensed user , 5 external users could use MFA. Some external users were confused whether to use their work federated account or their windows live account, and that caused confusion. It had to be clearly articulated that the account shared to had to be the one logging in. This caused some grief because the site was shared to a Microsoft live account, but the external user was trying to access the site from their network which had SSO and forced them to use their federated work account.
Jesse Armstrong wrote:
I was able to confirm that you can use Conditional Access Policies (features Azure AD Premium) to enforce MFA for external users on publicly shared SharePoint sites. External users must enroll in MFA immediately after signing in. An account is created in your Azure AD with the users email and some extra characters. For every 1 licensed user , 5 external users could use MFA. Some external users were confused whether to use their work federated account or their windows live account, and that caused confusion. It had to be clearly articulated that the account shared to had to be the one logging in. This caused some grief because the site was shared to a Microsoft live account, but the external user was trying to access the site from their network which had SSO and forced them to use their federated work account."For every 1 licensed user , 5 external users could use MFA. " is that free to the external users?
Thanks in advance!
- Yes, it is free to the external users. It does require you to have Azure AD premium licenses, so E3 or E5
- Thank you! We're on E4.
