Security Defaults for Guest Users

Barnes, Richard 6 Reputation points
2022-06-17T15:30:31.97+00:00

I'm attempting to disable Microsoft Security Defaults for guest user accounts I create, but every time I create a test account and go through the process of accepting the invitation, I receive a prompt to set up MFA. I've gone through my Azure Active Directory / Properties / Manage Security Defaults link, and it's been set to off. What am I missing?

I do have 3 Conditional Access Policies set, but only 1 policy should deal with MFA. I've set that policy to exclude Guest Users, with no luck. I've even gone so far as to turn all 3 policies off (temporarily to test), and still have an issue?

Help... please... :-)

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 34,046 Reputation points Microsoft Employee
    2022-06-17T23:23:19.4+00:00

    Hi @Barnes, Richard ,

    Thanks for your post! I understand that your users are still receiving prompts for MFA, even though you have disabled security defaults and excluded those users from the conditional access MFA policy. There are a few things I would check to troubleshoot this.

    1) Under "Manage security defaults" when you fill out the survey to disable security defaults, make sure that there are no errors that pop up when you click "Save."

    2) MFA may have already been configured for some users and set up while security defaults was enabled. If this is the case, you can disable it in the Microsoft 365 admin center (https://admin.microsoft.com/#/users).

    Go to Users > Active Users and select Multi-factor authentication. Then select the user you want to disable MFA for.

    3) Conditional Access requires the Premium P1 license and you need that to include or exclude users or groups, so I would confirm that you have the right number of licenses assigned.

    If none of these scenarios apply to your situation, feel free to let me know and we can further troubleshoot over email or get a support case enabled to look into your tenant setup.

    If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily locate a solution.

    1 person found this answer helpful.
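
Checks 1 and 3 from the answer above, plus the guest scoping of any MFA policy, can be read straight from the tenant instead of the portal. This is an added example, not code from the original thread or from Microsoft; it assumes the Microsoft Graph PowerShell SDK is installed and the signed-in account may consent to the read-only scopes shown. Per-user MFA (check 2) is not covered here.

```powershell
# Read-only tenant checks; nothing here changes configuration.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Organization.Read.All'

# Check 1: confirm the "security defaults off" change was actually saved.
$sd = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
"Security defaults enabled: $($sd.IsEnabled)"

# Conditional Access policies that are enforced (not off or report-only)
# and list MFA among their grant controls.
$mfaPolicies = Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
    $_.State -eq 'enabled' -and $_.GrantControls.BuiltInControls -contains 'mfa'
}

foreach ($p in $mfaPolicies) {
    $u = $p.Conditions.Users

    # Guests are in scope when the policy targets all users or guests explicitly.
    $includesGuests = ($u.IncludeUsers -contains 'All') -or
        ($u.IncludeUsers -contains 'GuestsOrExternalUsers') -or
        (-not [string]::IsNullOrEmpty($u.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes))

    # An exclusion only helps if it is recorded on this same policy.
    $excludesGuests = ($u.ExcludeUsers -contains 'GuestsOrExternalUsers') -or
        (-not [string]::IsNullOrEmpty($u.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes))

    [pscustomobject]@{
        Policy         = $p.DisplayName
        IncludesGuests = $includesGuests
        ExcludesGuests = $excludesGuests
    }
}

# Check 3: subscriptions that carry the Premium P1 service plan (AAD_PREMIUM),
# with purchased versus assigned seat counts.
Get-MgSubscribedSku |
    Where-Object { $_.ServicePlans.ServicePlanName -contains 'AAD_PREMIUM' } |
    Select-Object SkuPartNumber, ConsumedUnits,
        @{ Name = 'PurchasedUnits'; Expression = { $_.PrepaidUnits.Enabled } }
```

A policy reported with IncludesGuests true and ExcludesGuests false still requires MFA from guest accounts. If security defaults shows as disabled and no policy is listed, the per-user MFA setting from check 2 is the remaining item in the answer to review.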