EXT-02 | Medium | Recommended Secure
Require MFA for Guest Users
Guest & External Access control for Microsoft 365 and Entra ID
Why This Control Matters
Guest accounts often have weaker security than internal accounts. Requiring MFA for guests ensures external collaborators meet the same authentication standards as your employees.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. Guest users are included in MFA Conditional Access policies
2. Guests must complete MFA on every sign-in
3. Trust settings do not exempt guest MFA requirements
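One way to check criterion 1 offline is sketched below as an added example; it is not TrueConfig's code. It assumes policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape, the function names are hypothetical, and the sample policies are constructed. Assumptions: `authenticationStrength` grants and `externalTenants` scoping are not evaluated.

```python
# Added example: constructed sample data, hypothetical helper names.

def guests_in_scope(users):
    """True when the user condition covers B2B guests and does not exclude them."""
    if "GuestsOrExternalUsers" in (users.get("excludeUsers") or []):
        return False
    if users.get("excludeGuestsOrExternalUsers"):
        return False  # assumption: any guest-type exclusion counts as a gap
    include = users.get("includeUsers") or []
    typed = (users.get("includeGuestsOrExternalUsers") or {}).get("guestOrExternalUserTypes", "")
    return ("All" in include or "GuestsOrExternalUsers" in include
            or "b2bCollaborationGuest" in typed.split(","))

def mfa_is_mandatory(grant):
    """True when MFA cannot be skipped by satisfying another grant control."""
    controls = (grant or {}).get("builtInControls") or []
    return "mfa" in controls and (len(controls) == 1 or grant.get("operator") == "AND")

def check_policy(policy):
    """Reasons a policy does not enforce guest MFA; an empty list means it does."""
    cond, reasons = policy.get("conditions") or {}, []
    if policy.get("state") != "enabled":
        reasons.append("not enforced (state=%s)" % policy.get("state"))
    if not guests_in_scope(cond.get("users") or {}):
        reasons.append("guests not in scope or excluded")
    if "All" not in ((cond.get("applications") or {}).get("includeApplications") or []):
        reasons.append("does not cover all applications")
    if not mfa_is_mandatory(policy.get("grantControls")):
        reasons.append("MFA absent or optional")
    return reasons

def tenant_compliant(policies):
    """Criterion 1 holds when at least one policy enforces MFA for guests."""
    return any(not check_policy(p) for p in policies)

def sample(name, state, users, controls, operator="OR"):
    return {"displayName": name, "state": state,
            "conditions": {"users": users, "applications": {"includeApplications": ["All"]}},
            "grantControls": {"operator": operator, "builtInControls": controls}}

SAMPLE_POLICIES = [  # constructed, not exported from a real tenant
    sample("MFA for employees", "enabled",
           {"includeUsers": ["All"], "excludeUsers": ["GuestsOrExternalUsers"]}, ["mfa"]),
    sample("Guest MFA (report-only)", "enabledForReportingButNotEnforced",
           {"includeUsers": ["GuestsOrExternalUsers"]}, ["mfa"]),
    sample("Guest MFA or compliant device", "enabled",
           {"includeUsers": ["GuestsOrExternalUsers"]}, ["mfa", "compliantDevice"]),
]
```

Each sample fails for a different reason (guest exclusion, report-only state, MFA combined with another control under `OR`), so `tenant_compliant(SAMPLE_POLICIES)` is false even though every policy mentions MFA.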
Enforcement
Default Mode: Advisory. Alerts on deviations but does not make changes.
Auto-Remediation: Available. Ensures Conditional Access MFA policies include guest users.