MFA for Guest Users works for ExternalAzureAd but not with MicrosoftAccount

Princess Victoria Rosenthal 5 Reputation points
2023-08-12T08:19:02.1166667+00:00

Hello,

We use MFA in our tenant and it works good for certain identities like ExternalAzureAd.

But with MicrosoftAccount for example, it's not working.

We have the Authentication strengths like : Password + Microsoft Authenticator (Push Notification)

In the sign in Logs we can see : Require Authentication strength - : The user could satisfy this authentication strength by registering for one or more MFA methods.

Would you have any leads ?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,952 questions
{count} vote

3 answers

Sort by: Most helpful
  1. 2023-08-22T19:53:09.97+00:00

    Hello @Princess Victoria Rosenthal , enabling MFA for external or guest users should prompt for MFA when using a personal account. In case MFA is not enable or has been skipped you will see "Single-factor authentication" under the Authentication requirement column in the affected user sign-in logs. For more information on why MFA is not being enforced under Conditional Access take a look to the Conditional Access column/details of the aforementioned logs. Additionaly, to get the most out of the sign-in logs take a look to Use the sign-ins report to review Azure AD Multi-Factor Authentication events.

    For more information about setting up MFA take a look to Overview of Azure AD Multi-Factor Authentication for your organization, Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication, and Features and licenses for Azure AD Multi-Factor Authentication.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    1 person found this answer helpful.

  2. Shawn M. May 5 Reputation points
    2024-01-12T15:49:56.38+00:00

    @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA Here is what I've come up with as a decision tree. Please let me know your thoughts on the accuracy of this.EntraObjectTrustDecisionTree


  3. Shawn M. May 5 Reputation points
    2024-01-12T15:53:25.34+00:00

    Small Correction on available AuthN types.EntraObjectTrustDecisionTree

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.