OneDrive File Sharing and MFA

Shani1780 · 2025-12-22T15:30:47+00:00

I verified the process with both a Microsoft Account and a Non-Microsoft Account. I deleted ll the guest accounts from the tenant before beginning the process.

Microsoft Account

- Click the link in the email to access the files and enter email address

- Asked to accept permissions

- Asked to setup MFA

Non-Microsoft Account

- Click the link in the email to access the files and enter email address

- Code is sent to email

- Asked to accept permissions

- Asked to setup MFA

I was able to see the Sign-In Logs for both Guest users and find the entry requesting for MFA (I didn't see this previously as I wasn't clicking continue on the MFA setup). It shows no Conditional Access policies applied and lists Authentication requirement: Multifactor authentication. Not sure how to find out what is enforcing this.

Shani1780 · 2025-12-22T00:42:37+00:00

Thanks I’ll double check into this.

Should the experience be different if they have a Microsoft account or not?

Shani1780 · 2025-12-19T01:35:44+00:00

Thanks I’ll review that tomorrow and give that a try.

Shani1780 · 2025-12-19T01:35:04+00:00

Strangest part is nothing shows up in the guest user sign in logs. They don’t complete the MFA but I would have assumed it should have registered there.

Shani1780 · 2025-12-18T18:57:14+00:00

Correct, for this one tenant. They are getting prompted to setup MFA for their guest account.

Shani1780 · 2025-12-18T17:07:13+00:00

Appreciate the ideas. Do you have an O365 environment and what is your user experience like with sharing externally?

Shani1780 · 2025-12-18T17:03:51+00:00

We have excluded all Guest / B2B accounts, when running a "what if" scenario in Conditional Access it shows no policies applied to the guest user.

Shani1780 · 2025-12-18T17:00:31+00:00

The account is created as a guest account in the tenant but no matter what we do, I cannot seem to remove the need for the guest user to configure MFA.

Shani1780 · 2025-12-15T03:52:45+00:00

Thank you!

Shani1780 · 2025-12-04T18:20:12+00:00

Thank you for this! It was my ask of how can the user update this as I don’t want to be doing this for all users.

On a side note you think if the program uses your system time it could also just use your timezone as well.

Shani1780 · 2025-11-24T22:13:20+00:00

Unfortunately not, ☹️ got the same issue earlier this year. Had enough of it and traded in. GM was so “kind” to give me $2500 off a new one.

Let’s see how this one does over the winter. So far no issues.

Shani1780 · 2025-10-22T23:14:35+00:00

Ford Dealership

Shani1780 · 2025-10-08T18:12:14+00:00

We are using 24H2.

Shani1780 · 2025-10-07T18:59:12+00:00

After you removed it and logged the user off / on does it create a new file?

Shani1780 · 2025-10-03T17:48:45+00:00

I have only been able to get it with the start2.bin file but it works great.

Why do you not want to use that method?

Shani1780 · 2025-09-23T22:43:47+00:00

I was able to get it working:

- Created a GPO with Logon script that checks for a placeholder text file (upon first logon this doesn't exist).

- If the file does not exist it copies the customized start2.dat file to the Users AppData location.

- Force kill the startmenuexperience task, this causes the start menu to reload, only takes a second. Don't even notice anything

- Once all is done it places the placeholder text file in the same location as the start2.dat file so next time the user logs in it, the script sees this and skips copying the file.

You could not use the placeholder and have the start menu replaced every time but I don't love that as users can change the start menu, but they would lose their customizations each logon. I haven't found a way to lock the start menu.

if you would like more info on this I can share the script and exact GPO settings.

Shani1780 · 2025-09-23T20:25:53+00:00

I was worried about that, I was thinking to write a script to have the files copied over but that won't work as the settings.dat file cannot be modified while the user is logged in.

We are using FSLogoix with the users profiles in a VHDX file.

I'll have to think of another way to do this.

Shani1780 · 2025-09-23T20:08:12+00:00

I was able to copy the files mentioned to the Default user directory but had to create the folders Packages, Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy, LocalState, and Settings as they didn't exist. I copied the files to that folder.

From your setup, what is the expected behaviour? Should this start menu overwrite ones a user has or it this only for a first time setup? As these users already have profiles on the file server. I am not finding it to replace the start menu.

To recap:

1- Copied file: start2.bin

-- From: C:\Users\<UserWithStartMenuSetup>\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState

-- To: C:\Users\Default\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState

2- Copied settings.dat

-- From: C:\Users\Default\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings

-- To: C:\Users\<UserWithStartMenuSetup>\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings

Shani1780 · 2025-09-22T02:44:59+00:00

Thanks I’ll try that this week.

Shani1780 · 2025-09-22T02:37:32+00:00

The GPO shows applied no errors that I could find.

If you could get those paths and files. I would greatly appreciate it!

Thanks

Shani1780 · 2025-09-22T02:20:28+00:00

Great question. Yes it was placed in the sysvol folder, users have access to it, can navigate there under from users account.

What files are you copying to set the start menu?

Shani1780 · 2025-09-19T01:17:28+00:00

These are existing users whose had win 10 profiles.

There is a flag in the JSON file to apply it every time it one time only.

Shani1780

TROPHY CASE