Is there an alternative method for 2FA for external guests when accessing a SharePoint link? Some users don't have a smartphone and we would like to use a desk phone call.

Damian A. Rivas 0 Reputation points
2024-09-12T14:14:32.1233333+00:00

We have recently enabled 2FA for Microsoft accounts and now it appears that in doing so, some external guests can no longer access the SharePoint link due to 2FA. So I have read that in order for them to authenticate with something other than the Microsoft Authenticator App you have to have a conditional access policy configured so that the end-user can authenticate with a different method such as a phone call to their desk phone. Is that true? If that is true, does the administrator need to have a different license to set that up while all other end-users are assigned a basic or standard license?


2 answers

  1. Yanli Jiang - MSFT 25,621 Reputation points Microsoft Vendor
    2024-09-13T06:49:25.7733333+00:00

    Hi @Damian A. Rivas,

    Welcome to Q&A forum!

    You can set it in Microsoft Entra admin center.

    Expand Protection and click Authentication methods. On the right, you can see the authentication methods you already have. If you already have phone authentication, you can choose to enable it. The administrator does not need a different license to set this up.


    For your reference:

    https://video2.skills-academy.com/en-us/entra/identity/authentication/concept-authentication-phone-options

    End users can perform verification settings according to the following articles.

    https://support.microsoft.com/en-us/account-billing/set-up-a-mobile-device-as-a-two-step-verification-method-772f64a1-bf7e-483d-8b5c-1d3945494e83

    https://support.microsoft.com/en-us/account-billing/set-up-a-phone-call-as-your-verification-method-e54d955d-ac82-4741-91e3-dae6c8bb9d98#:~:text=Sign%20in%20to%20your%20work%20or%20school%20account%20and%20then,Phone%2C%20and%20then%20select%20Add.

    Good day!


    If the answer is helpful, please click "Accept as Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


  2. Raja Pothuraju 5,345 Reputation points Microsoft Vendor
    2024-09-18T21:42:46.8966667+00:00

    Hello @Damian A. Rivas,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it seems that some external guest users are unable to access SharePoint sites due to MFA issues, and they cannot use the Microsoft Authenticator app at work. You're looking for alternative authentication methods for them to complete MFA. Yes, guest users can use other available methods to complete MFA, and registering these methods doesn’t require any additional licenses.

    To help guest users add another authentication method in your resource tenant, please follow the steps below:

    1. Ask your guest users to log in at https://mysignins.microsoft.com/security-info
    2. Since these users are guests in your tenant, ensure they are logged into the correct tenant's security info page. To do this, they should click on the organization icon in the top-right corner and select your directory. Please refer to the screenshot below for guidance.
    3. After verifying the directory, ask them to select "+ Add sign-in method" and choose an appropriate MFA method. See the screenshot below for reference.
    4. Once guest users add the phone method, they can set it as their default MFA method by clicking "Change." If users only register one authentication method, there’s no need to choose a default method.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

