How to enforce MFA only where the home directory requires it
I have an app that uses Azure AD B2B. Some guest directories require MFA logins, others do not. When signing in to my application, this is not enforced/required. Users that belong to an organisation that normally requires MFA are not prompted.
Azure B2B has the option to require MFA, but this would set it for all guest organizations. Is there an option to force Azure B2B to respect the requirements of the guests home directory?
Azure B2B has the option to require MFA, but this would set it for all guest organizations. Is there an option to force Azure B2B to respect the requirements of the guest's home directory?
To assign the MFA to only selected B2B users in Azure AD B2B, you can follow the below steps.
To automatically move B2B users to a group instead of doing it manually, you can use a dynamic group. This group will move users to a particular group based on matching certain values.
- I have created a Dynamic group for moving B2B users to group automatically as below.
Go to Azure Portal > Azure Active Directory > Groups > New Group
External User creation
Create a conditional access policy and assign it to the group as below.
Go to Azure Portal > Azure Active Directory > Security > Conditional Access > New policy.
When I try to access the application, it forces me to register for MFA as below.
- AAD groups claim missing in JWT token for some users
- How do I add claims from my custom claims provider to Entra External ID/Azure AD access tokens?
- Azure ADB2C Signup Page Customization
- Why is "Application permissions" disabled in Azure AD's "Request API permissions"?
- Azure Active Directory B2B Pending and Accepted User Reports
- Azure AD B2B API failing for sovereign cloud
- Property 'onPremisesSyncEnabled' does not exist as a declared property or extension property
- unable to list the properties of azure ad user (createddatetime)
- Azure Go SDK - Guide for Multi Tenant Authentication
- How to enforce MFA only where the home directory requires it
- Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file
- Can't find Powershell command to grant admin consent
- Using Azure AD with ASP.NET Core Identity
- Azure AD and Azure AD B2C using same JWT token
- Azure Active Directory: Difference between adding multiple platforms as Web and SPA to single applications instead of an application for each?
- The client id '<my_client_id>' specified in the request is not registered in tenant '<myB2cDomain>.onmicrosoft.com'
- Is it possible to revoke Mfa sessions from graph
- AddMicrosoftIdentityWebApp with two providers isn't setting IsAuthenticated
- Updating mobileNumber using graph giving { }
- Unable to revoke admin consent for added permissions: Powershell
- Valid parameters for New-AzureADGroupAppRoleAssignment PowerShell
- Get groups user is memberof azure cli
- Error occurred while executing GetServicePrincipalOAuth2PermissionGrants
- Grant admin consent failed for office 365 api permissions
- Unable to create client secret from Powershell
- How to work with GO SDK while Azure AD user creation?
- Add User as owner of Azure AD Group through REST API
- Getting 400 Bad Request error while trying to move Azure resources via Postman
- Can't get ID token even with Auth code flow via Postman
- Unable to fetch ID of SharePoint API permissions