Azure AD tenant guests not prompted to register for MFA during invitation acceptance.

William Brooks 21 Reputation points
2021-09-22T05:37:19.853+00:00

I have an Azure AD tenant, using an Azure AD Free license. The tenant has Security Defaults enabled and has been in that state from the initial creation of the tenant. All users in the tenant, other than the tenant creator, are Guests.

The invitees come from different sources. Some are from a separate AD tenant within the same subscription, others are from external Microsoft accounts that are outside of my control.

During the registration process, some users are prompted to configure MFA authentication methods; others are not.

There appears to be a connection between the source tenant of the invitee and whether the MFA prompts occur. Invitees from the AD tenant within the same subscription are prompted. The invitees from unknown sources are not.

Based on my reading of the documentation regarding MFA and Security Defaults, I believe everyone should be required to register MFA in some supported form within 14 days of the initial sign-in. My experience so far has not borne this out.

Is this a misunderstanding of Security Defaults, or a misconfiguration? How does one ensure that all users within a tenant use MFA within the Azure AD Free license?

Microsoft Entra ID

2 answers

  1. Marilee Turscak-MSFT 36,336 Reputation points Microsoft Employee
    2021-09-22T22:11:43.977+00:00

    If you are using a new tenant, it can sometimes take a while for these settings to kick in. Usually it's instant but I have observed rare cases where it takes a week or two.

    Since you are using the free version with security defaults enabled, you only use a subset of the MFA features and the users can only authenticate using the Authenticator app.

    This may require a support case to further diagnose, so I have included the support information in a private comment.


  2. William Brooks 21 Reputation points
    2021-09-22T22:32:12.787+00:00

    Thank you for the response.

    The tenant in question is many months old and a subset of the tenant members are being prompted.

    My experience with these Q&A forums is exceptionally limited; where would I find the private comment that you referenced?
