You need to create Guest users, which is what the last two methods address (well, they're the same method really). As for enforcing MFA, you will need to create a CA policy scoped to said users, or all Guest users.
Bulk Create Azure AD object to allow login with personal email address and secured with MFA/2FA?
EnterpriseArchitect
5,511
Reputation points
Hi All,
I need to know which Azure object I need to create to allow 1000+ users from .CSV file below:
First Name, Last Name, Email, PhoneNumber
These are my criteria:
Login: using their own email address (not from my accepted email domains)
Security: 2FA/MFA enforced (hence I assume a Minimum of M365 F1 license is required.
Access Resource / URL: Share Point online that is managed and created by my internal team.
I'm also using Hybrid OnPremise AD DS - Azure AD sync (PHS), using Azure AD Connect.
So I wonder which object to create:
- Synchronized OnPremise AD Mail User New-AzureADUser (AzureAD)
- Azure AD MS Invite user New-AzureADMSInvitation (AzureAD)
- Azure Guest User: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-invite-powershell
Thank you in advance.