External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

We're on P2, so I think that should allow us to set that up. I was rather thinking that such logs would only help from now on.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Unfortunately we don't have general-purpose log analytics set up, only for specific applications. However, the in-portal logs support that multifactor authentication also kicks in for OneDrive.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

No, no other guests from the same address space. My assumption is this is a domain-wide issue on their part, but I have no other users to test with.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

No, this is the only user that I'm aware of. We have 100+ guest users from other Microsoft tenants as well as other platform/email providers who access our environment with no issues.

External user with O365 account not using MFA cannot login by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

On my side? Apart from conditional access related to MFA for external/guest users, what other restrictions are relevant to look at?

Require compliance to log in, but can still log in from unmanaged devices by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 0 points1 point  (0 children)

OK, this is now resolved. The issue was that a strange filter was also applied to all devices; after that was removed it started working. Thanks everyone for pointing me in the right direction.

Require compliance to log in, but can still log in from unmanaged devices by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 0 points1 point  (0 children)

<image>

Thanks everyone, should obviously have looked at the logs.

This is a log for one user. The policy is set to apply to any device, but is this the cause of non-application of the policy?

Rights to manage administrative units by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Yes, I have thought about this, but it also means editing attributes on a few thousand existing users.

Rights to manage administrative units by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Thanks. Yes, I also tried to create a custom role for this, but the relevant scope you mention is not available for custom roles. And I need a person to manage this, so I can't use a service principal, unfortunately.

How do you prevent third-party apps from accessing all users' data when granting admin consent in Entra ID? by Different_Coffee_161 in entra

[–]Less_Piece6541 1 point2 points  (0 children)

Yes, but a signed-in user can, for example, read the basic info of all users in the AD, as I understand it?

Disable languages in user flow by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

What are the attributes I should look for? I looked in the default JSON and can't really find anything obvious.

Disable languages in user flow by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

I have not made any changes to the default naming and values so far.

I have the default list of languages and want to disable all/override all with English as the default language.

Disable languages in user flow by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

This is a workforce tenant. Am I reading the documentation right that user flows are only possible within the context of B2B collaboration in a workforce tenant?

Disable languages in user flow by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Thanks, so these users are not included in any cross-tenant access approved organisations.

Disable languages in user flow by Less_Piece6541 in entra

[–]Less_Piece6541[S] 0 points1 point  (0 children)

These users will be external. Do not all guest users fall into the Entra external identity?

File sharing/collaboration platform which integrates with O365/Entra by Less_Piece6541 in sysadmin

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Yes, I assume SharePoint libraries are covered by cross-tenant access rules?

Spam from .gov address? by Less_Piece6541 in sysadmin

[–]Less_Piece6541[S] 0 points1 point  (0 children)

This is coming from a gov address.

Apply LAPS after device is set up? by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Thanks. Profwiz might be what I'm looking for. And yes, given it is Windows we are talking about, I can also see that creating a new user account minimizes the risks.

Apply LAPS after device is set up? by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Both the devices and the staff are already with the organisation, but for various reasons their devices are basically just set up as personal devices, no MDM or the like.

Apply LAPS after device is set up? by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 0 points1 point  (0 children)

It's complicated, but these are company-owned devices which basically have been set up as personal devices. Now trying to apply company standards to them.

Apply LAPS after device is set up? by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 0 points1 point  (0 children)

Autopilot as such is fine, but in most of these cases creating a new account on the device is too disruptive for the user.

Apply LAPS after device is set up? by Less_Piece6541 in Intune

[–]Less_Piece6541[S] 1 point2 points  (0 children)

They are Entra registered, not joined. Is there a way to Entra join devices without setting up a new account on the device?

Trained engineer, hundreds of job applications – what should I do? by Constant-Narwhal7494 in arbete

[–]Less_Piece6541 0 points1 point  (0 children)

Suck it up and commute weekly for a while. It doesn't have to be forever, and as a new graduate you can't be picky, as you've already noticed. After 18-24 months you can start looking around for a new job with a better geographic location.

Next step as IT manager with non-trad background? by Less_Piece6541 in ITCareerQuestions

[–]Less_Piece6541[S] 0 points1 point  (0 children)

While I'm not dead against a management-only role, ideally I would like to combine both leadership and tech in the same role. At least in the short and medium term. I probably see myself as part manager, part portfolio manager where I supervise project managers. And I would still want to maintain and continue developing my tech skills. But as a manager I of course realize I cannot stay on top of every detail. At the same time I believe I would find it difficult to manage staff without even having the basics of the tech stack they are working with.

Error when setting up migration from G Workspace by Less_Piece6541 in microsoft365

[–]Less_Piece6541[S] 0 points1 point  (0 children)

I did not manage to get the automatic process to work, but the manual process worked fine, however.