Conditional Access policy for Guest and External Accounts

In this post, I will go through the steps of setting up a Conditional Access policy that enforces MFA for guest and external accounts. This adds another layer of protection if guest account credentials are compromised.

To get started, sign in to the Azure Portal, then type “Conditional Access” in the search bar.

On the Conditional Access Policy page, click on “+ New Policy”.

On the new policy page, start by providing a name for the policy. For this example I will call it “Enable MFA for Guests”.

The Assignment section is where we select that the policy will apply to guests only.

Click on “Select users and groups”, then select “All guest and external users”.

In the next section we need to select which cloud apps this policy will apply to. Here we will select “All Cloud Apps”.

In the second-to-last part we need to specify whether the policy should apply to a certain location. We want to make sure that guests from all locations are prompted for MFA, so in the “Conditions” section we will click on “Locations”, toggle the switch to “Yes” and select “Any location”.

Lastly, we need to configure the “Grant” part of the policy. Here we will select “Grant Access” + “Require MFA”.

To complete creation of the policy, change the policy to “On” and then click on “Create”.

Once your policy has been successfully created, it will be listed under all your Conditional Access policies.
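
The portal settings above, expressed as a Microsoft Graph PowerShell call followed by a read-back check (an added example, not part of the original walkthrough). It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account is allowed to manage Conditional Access; the Graph field values are the API counterparts of the portal options.

```powershell
# Added example: the policy from this post created through Microsoft Graph.
# Assumption: Microsoft.Graph PowerShell SDK installed; admin consent for the scopes below.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$params = @{
    displayName = 'Enable MFA for Guests'      # name used in the post
    # 'enabled' matches the "On" toggle. 'enabledForReportingButNotEnforced'
    # is the report-only value if you want to observe impact first.
    state       = 'enabled'
    conditions  = @{
        clientAppTypes = @('all')
        # Assignments: "All guest and external users"
        users          = @{ includeUsers = @('GuestsOrExternalUsers') }
        # Cloud apps: "All Cloud Apps"
        applications   = @{ includeApplications = @('All') }
        # Conditions > Locations: "Any location"
        locations      = @{ includeLocations = @('All') }
    }
    # Grant: "Grant Access" + "Require MFA"
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $params

# Read the policy back and confirm what was stored matches the intent.
$saved  = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id
$checks = [ordered]@{
    'Policy is enabled'           = $saved.State -eq 'enabled'
    'Guests/external in scope'    = $saved.Conditions.Users.IncludeUsers -contains 'GuestsOrExternalUsers'
    'No users or groups excluded' = -not $saved.Conditions.Users.ExcludeUsers -and
                                    -not $saved.Conditions.Users.ExcludeGroups
    'All cloud apps in scope'     = $saved.Conditions.Applications.IncludeApplications -contains 'All'
    'No location excluded'        = -not $saved.Conditions.Locations.ExcludeLocations
    'MFA is a required control'   = $saved.GrantControls.BuiltInControls -contains 'mfa'
}

foreach ($check in $checks.GetEnumerator()) {
    $result = if ($check.Value) { 'OK' } else { 'MISMATCH' }
    '{0,-30} {1}' -f $check.Key, $result
}
if ($checks.Values -contains $false) {
    throw "Policy '$($saved.DisplayName)' does not match the intended guest MFA settings."
}
```

Running only the read-back section against an existing policy ID is a quick way to detect later drift, such as an exclusion added after the policy was created.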
