Security defaults and external users

Robert D. Crane 46 Reputation points MVP
2022-07-22T12:15:58.323+00:00

If security defaults is enabled on a tenant does this force external users to also register for MFA when they access resources inside the tenant? Looking for documentation on the resolution of this.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2022-07-25T17:26:14.067+00:00

    @Robert D. Crane
    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    Security defaults and external users:
    If security defaults is enabled on a tenant does this force external users to also register for MFA when they access resources inside the tenant?

    Solution:

    External users will be required to complete MFA registration when security defaults is enabled

    Links:
    Enabling security defaults will enforce MFA on external users
    All users should be changed to all "member" users #78194

    I've created an internal work item and PR to update our documentation to include this information, and it's currently waiting for the author to review and sign-off.
    Thank you again for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2022-07-22T14:43:11.647+00:00

    This issue over at GitHub is as official as you can get. I'm not sure why they haven't explicitly stated this in the documentation, but you can always submit a PR to have it updated :)


  2. Robert D. Crane 46 Reputation points MVP
    2022-07-23T00:11:39.807+00:00

    After testing for myself I can confirm that indeed external users will be required to complete MFA registration when security defaults is enabled. I wrote a blog post on the process plus links to reference articles - https://blog.ciaops.com/2022/07/23/enabling-security-defaults-will-enforce-mfa-on-external-users/

    Hopefully, that helps others searching for similar answers.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.