If your practice has Multi-Factor Authentication enabled (MFA) guest users (clients) may be required to setup MFA when logging into Collaborate for the first time. If your practice would prefer not to use MFA for guest users, but retain it for internal users, refer to the guidance in this article.
Note: The following instructions are best performed by an IT professional, or by someone in your practice who has advanced knowledge of the policies implemented on your Microsoft Tenant. Incorrect configuration of these settings may result in all users being locked out of your Microsoft tenancy. FYI will not take any responsibility for incorrect configuration.
Conditional Access Rules
Conditional Access rules are used to control the login flow of users within your Microsoft tenant. Your practice may have multiple rules configured, and it is important to understand how each rule interacts with the other to avoid unexpected consequences.
To identify the rule/s that are applied when guest users login:
- Go to https://portal.azure.com and login as the Microsoft Administrator.
- Select Microsoft Entra ID.
- From the left hand menu, scroll down to the Monitoring section and select Sign-in logs.
- Search for the email address of the guest user account you wish to check. The details of the sign-ins for the user account will display.
Tip: Click Add filters and select User to search for a specific user.
- The sign-in details will display for the selected user. Click on an entry to display the details.
- In Activity Details: Sign-ins select Conditional Access. This will display all policies applied to the login.
- Once the policy has been identified, it can be adjusted.
Important: This section covers the changing of Conditional Access policies - if you are unfamiliar with how these work, refer to your IT Professional.
- From the left hand menu locate the Manage section and select Security.
- From the Protect section select Conditional Access.
- Select Policies and select the policy you wish to change.
The properties for the policy will be displayed.
- Click Specified users included and then select the Exclude tab.
- Select the following categories to exclude Guest Users (clients) from the policy
- Click Save.
If your practice has a single MFA policy applied for guest user accounts, this will disable the MFA prompt for external users. Internal users will still be prompted to enter MFA when logging in. If guest users are still receiving a prompt to setup MFA, return to Step 6 and look at the details of the sign-in to identify any other policies that may be applied.