![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Managing external identities to enable secure access for partners, customers, and other non-employees
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
The message in the screenshot indicates that the external tenant is requiring an additional verification method (typically MFA) for the invited account, but the user has no way to complete that verification.
To resolve this, the administrator of the external tenant must adjust the sign‑in / sign‑up and MFA requirements for external users:
- In the Microsoft Entra admin center of the external tenant, review the sign‑up/sign‑in flow and Conditional Access policies that apply to external users.
- If a Conditional Access policy is requiring MFA for all users (including new external users) before they have registered any method, either:
- Exclude the external user (or the external user group) from that policy, or
- Change the policy so that MFA is required only after the user has successfully registered a method.
- If using Microsoft Entra External ID sign‑up flows, verify in the sign‑up logs that the user is not failing with OTP or attribute‑validation errors, and correct those if present. Use the error code lookup and sign‑up logs as described in the documentation to identify the exact failure and recommended remediation.
- After policy changes, have the external user sign out of all sessions and retry the invitation link in a new private browser session.
If the problem persists even after correcting MFA/Conditional Access, collect the sign‑up or sign‑in error code from the logs and use the error code lookup tool or open a support request as described in the documentation.
References: