No MFA With Enabled Security Defaults For Particular (guest) User

Dieter Tontsch (GMail) 962 Reputation points
2023-01-04T14:42:02.717+00:00

We have two Azure tenants, in one Security Defaults is without MFA, in the other one it is with MFA. Basically in one tenant Security Defaults is enabled and in the other one it isn't.
Now, when a user form the tenant where MFA is not required (and it has no MFA enabled) is invited as a guest into the tenant where MFA is required, it looks like this user has to setup and use MFA for the login on that tenant (switch directory), correct?

How can I disable MFA for this particular (as a guest user) in the tenant where MFA is enforced?

When I am looking at per-user MFA page in the Admin Portal for all users Multi-Factor Auth Status is set to disabled for everyone, but I'm assuming this does not apply if the default is MFA (security defaults are enabled), based on default security defaults.

kind regards,
Dieter Tontsch

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
944 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,885 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 151.2K Reputation points MVP
    2023-01-04T14:51:48.427+00:00

    If you licensed for it ( P1)
    You would need to disable the Security defaults , then the recommendation is to create a conditional access policy that excludes the users you do not want to MFA:

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.