Office 365 enable MFA for external users and MFA reset

Office 365 enable MFA for external users and MFA reset – procedure

Enabling Multi-factor authentication (MFA) for external users can be accomplished by creating an Assigned or Dynamic Groups for external users, and then using this with a new Conditional Access policy.

Procedure

In Azure Active Directory Groups

Create a new security group, name your new group and select membership type assigned
Add the desired external users to this group

Under Conditional Access – Policies

Create a new Conditional Access Policy

Assignments
- Include the new group you created
- Cloud apps: Select the desired apps
- Conditions – Any Locations
Access Control
- Grant Access – Require Multi Factor authentication
- In the end, toggle the Enable policy button to On, and then Create the policy

Note: In spite of the fact that the procedure is manual, it can be automated by using dynamic groups and all the external users will be automatically added to the group.

How to create a dynamic group in the cloud and assign MFA for external users through policy

Example:

Create a dynamic group Dynamic_Group
Add all the external users using the following query UserType Equal Guest
The group will be automatically populated with all the external users

In order to reset the MFA, execute the following PowerShell command

Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName gsamoogle_gmail.com#EXT#@ WoodGroveAzureAD.onmicrosoft.com

Reference: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-mfa-instructions

By admin|2018-03-20T15:27:34+00:00March 20th, 2018|Azure, Office 365|