Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Level 4 Contributor

Requirements for enabling Partner Security Requirements with Conditional Access Policies (and not Security Defaults)?

What are the requirements for meeting the updated (February 2020) Partner Security Requirements using Conditional Access Policies (and not Security Defaults)?


We already have Azure AD Premium, and need to continue to use other Conditional Access Policies in addition to the MFA requirements.  (Enabling Security Defaults is incompatible with continued use of Conditional Access Policies.)


I understand that https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#conditional-access has "step-by-step guides on how you can use Conditional Access to configure equivalent policies".  However, these are not equivilent.  In Security Defaults, all users will "be prompted for additional authentication whenever necessary" - where in the identified Conditional Access Policies, "Require MFA for all users" will require MFA for ... all users.


I am not concerned about requiring MFA for all USERs.  We have been for well over 2 years now, longer than even Microsoft's requirements.  My concern is not unconditonally requiring MFA for all GUESTs - I.E., our customers who we provide access to a very restricted set of externally-accessible SharePoint sites.


Would this be the equivilent of requiring MFA registration, and then requiring MFA using a sign-in risk policy?  If so, for Medium and High risk sign-ins?  Or only High risk?