Multi-Factor Authentication for external user’s – SharePoint Online

Posted On January 18, 2018 by Abhishek Kumar Posted in

Introduction:

Many of the organizations are using SharePoint Online in Office 365 as their content management system and it is essential to protect data so that the sensitive data does not slip into false hands. It is here we can use Multi-Factor Authentication and we can do this through Azure AD for that tenant by creating a Dynamics group for ‘External users’ and then create a conditional access policy and apply it to SharePoint Online.

Creating a Group for External Users:

Provide a name and description to this group and select membership type (Dynamic User). Click Add query -> Create to make the group dynamic.

It will take some time for the group to populate.
After Group is created, you need to provide Conditional access to this Group.

Create a Conditional Access Policy for SharePoint Online:

Provide the name to the policy. Under Assignment > Users and Groups, select Include > Select Users and groups > Select, and then chose the group whom you want to provide the policy (External users).

Under Assignment, go to Cloud Apps >Include > Select, and then choose the application (Office 365 SharePoint Application).

Under Condition, select Condition if you want.
Under Access Control, go to Grant and select Grant access and then choose Require multi-factor authentication.

At last, toggle the Enable policy switch to ON and click Create.

To verify if the policy is created, navigate to Conditional Access and check the policy name and if it is enabled.

Wait for few minutes for the policy to take effect, after that you can check by sharing a document from SharePoint to external user. It will ask for authentication (see below image).