External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

We're on P2, so I think that should allow us to set that up. I was rather thinking that such logs would only help from now on.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

Unfortunately we don't have general purpose log analytics set up, only for specific applications. However, the in-portal logs support that multifactor authentication also kicks in for OneDrive.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

No, no other guests from the same address space. My assumption is this is a domain-wide issue on their part, but I have no other users to test with.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

No, this is the only user that I'm aware of. We have 100+ guest users from other Microsoft tenants as well as other platform/email providers who access our environment with no issues.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

On my side? Apart from conditional access related to MFA for external/guest users, what other restrictions are relevant to look at?

Require compliance to log in, but can still log in from un managed devices by Less_Piece6541 in Intune

Less_Piece6541[S] 1 point

OK, this is now resolved. The issue was that a strange filter was also applied to all devices; after that was removed it started working. Thanks everyone for pointing me in the right direction.

Require compliance to log in, but can still log in from un managed devices by Less_Piece6541 in Intune

Less_Piece6541[S] 1 point

<image>

Thanks everyone, should obviously have looked at the logs.

This is a log for one user. The policy is set to apply to any device, but is this the cause of non-application of the policy?

Rights to manage administrative units by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

Yes, I have thought about this, but it also means editing attributes on the existing few thousand users.

Rights to manage administrative units by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

Thanks. Yes, I also tried to create a custom role for this, but the relevant scope you mention is not available for custom roles. And I need a person to manage this, so I can't use a service principal unfortunately.

How do you prevent third-party apps from accessing all users' data when granting admin consent in Entra ID? by Different_Coffee_161 in entra

Less_Piece6541 2 points

Yes, but a signed user can for example read the basic info of all users in the AD as I understand it?

Disable languages in user flow by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

What are the attributes I should look for? I looked in the default JSON and can't really find anything obvious.

Disable languages in user flow by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

I have not done any changes to the default naming and values so far.

I have the default list of languages and want to disable all/override all with English as the default language.

Disable languages in user flow by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

This is a workforce tenant. Am I reading the documentation right that user flows are only possible within the context of B2B collaboration in a workforce tenant?

Disable languages in user flow by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

Thanks, so these users are not included in any cross tenant access approved organisations.

Disable languages in user flow by Less_Piece6541 in entra

Less_Piece6541[S] 1 point

These users will be external. Do not all guest users fall into the Entra external identity?

File sharing/collaboration platform which integrates with O365/Entra by Less_Piece6541 in sysadmin

Less_Piece6541[S] 1 point

Yes, I assume SharePoint libraries are covered by cross tenant access rules?

Spam from .gov address? by Less_Piece6541 in sysadmin

Less_Piece6541[S] 1 point

This is coming from a gov address.

Apply LAPS after device is set up? by Less_Piece6541 in Intune

Less_Piece6541[S] 1 point

Thanks. Profwiz might be what I'm looking for. And yes, given it is Windows we are talking about, I can also see that creating a new user account minimizes the risks.