Conditional Access policy for Guest and External Accounts
In this post, I will go through the steps of setting up a Conditional Access policy that enforces MFA for guest and external accounts. This adds another layer of protection if guest account credentials are compromised.
To get started, sign in to the Azure Portal, then type “Conditional Access” in the search bar.
On the Conditional Access policy page, click on “+ New Policy”.
On the new policy page, start by providing a name for the policy. For this example I will call it “Enable MFA for Guests”.
The Assignment section is where we select that the policy will apply to guests only.
Click on “Select users and groups”, then select “All guest and external users”.
In the next section we need to select which cloud apps this policy will apply to. Here we will select “All Cloud Apps”.
In the second-to-last part we can specify whether the policy should apply only to certain locations. We want to make sure that guests from all locations are prompted for MFA, so in the “Conditions” section we click on “Locations”, toggle the switch to “Yes” and select “Any location”.
Lastly, we need to configure the “Grant” part of the policy. Here we will select “Grant Access” + “Require MFA”.
To complete creation of the policy, change the policy to “On” and then click on “Create”.
Once your policy has been successfully created, it will be listed under all your Conditional Access policies.
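To confirm that the policy built in the steps above really covers every guest sign-in, the following added example (not part of the original post) checks Conditional Access policies in the JSON shape returned by Microsoft Graph. The sample policies, the helper _policy and the function names are constructed for illustration, and the check assumes guests are targeted through the "GuestsOrExternalUsers" value in includeUsers.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects
# (GET /identity/conditionalAccess/policies); not data from a real tenant.
def _policy(name, state="enabled", locations=None, controls=("mfa",), excl_apps=()):
    return {
        "displayName": name, "state": state,
        "conditions": {
            "users": {"includeUsers": ["GuestsOrExternalUsers"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"],
                             "excludeApplications": list(excl_apps)},
            "locations": locations,  # None means no location condition is set
        },
        "grantControls": {"operator": "OR", "builtInControls": list(controls)},
    }

ANY_LOCATION = {"includeLocations": ["All"], "excludeLocations": []}
SAMPLE_EXPORT = [
    _policy("Enable MFA for Guests", locations=ANY_LOCATION),
    _policy("Guests MFA (pilot)", state="enabledForReportingButNotEnforced"),
    _policy("Guests MFA or device", controls=("mfa", "compliantDevice"),
            locations={"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}),
]

def guest_mfa_gaps(policy):
    """Return the reasons a policy does not enforce MFA for every guest sign-in."""
    gaps = []
    cond = policy.get("conditions") or {}
    users, apps = cond.get("users") or {}, cond.get("applications") or {}
    locs, grant = cond.get("locations"), policy.get("grantControls") or {}
    if policy.get("state") != "enabled":  # report-only or disabled: nothing is enforced
        gaps.append("policy is not switched on")
    if not {"GuestsOrExternalUsers", "All"} & set(users.get("includeUsers") or []):
        gaps.append("guests are not included")
    if "GuestsOrExternalUsers" in (users.get("excludeUsers") or []):
        gaps.append("guests are excluded")
    if "All" not in (apps.get("includeApplications") or []) or apps.get("excludeApplications"):
        gaps.append("some cloud apps are not covered")
    if locs and ("All" not in (locs.get("includeLocations") or [])
                 or locs.get("excludeLocations")):
        gaps.append("some locations are not covered")
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        gaps.append("MFA is not a grant control")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        gaps.append("MFA can be bypassed by another OR'd control")
    return gaps

def enforcing_policies(policies):
    """Names of policies that enforce MFA for guests on all apps and locations."""
    return [p["displayName"] for p in policies if not guest_mfa_gaps(p)]
```

Run it over a real export by passing the list under the "value" key of the Graph response to enforcing_policies; an empty result means no single policy gives the coverage this post sets up.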