You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)
A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.
Which users will be emailed a passcode?
User2 will receive an email passcode. User1, being an existing guest user in the fabrikam.com domain, will continue using their existing authentication method and will not be emailed a passcode. User3, being a user within the fabrikam.com domain, will also not be emailed a passcode as they are already part of the organization.
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode "When the email one-time passcode feature is enabled, newly invited users who meet certain conditions will use one-time passcode authentication. Guest users who redeemed an invitation before email one-time passcode was enabled will continue to use their same authentication method." User 1 is already a registered guest user in fabrikan.com so will not receive additional OTP. User 2 has never accessed fabrikam.com so WILL receive OTP each time they login. User 3 (providing email addy is not a typo) will not receive a OTP as they are a domain user. Answer is A.
idk why this has so many upvotes. it cleary states in the link you provided, that the user won't get OTP, if they have a microsoft account. User 2 has the domain "outlook.com". user 3 is a domain user and therefore won't receive an OTP. But User 1 (at least it does not say so anywhere) does not have a microsoft account, an azure ad account or a federation with another IP. he will always use OTP to authenticate not only once. so it has to be B.
Just because you have an Outlook.com account does not mean you have a Microsoft account. A Microsoft account is he account you associate with microsoft services at the time of need. It can be a gmail accoount or any kind of private account. I believe the ight answer is A, Users2 only. Exactly as explianed by Eltooth
After reading the article and googling what is qualified as a Microsoft account, I agree with @pheb. https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode
I agree, Answer should B. Reference Article: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode
Correct I have done the RnD.
I agree the correct answer is A.
the answer is A because the one-time passcode authentication is exactly that - it is required only once to authenticate an external account onto your EntraID "forever". There no two-time passcodes required. This is only to authenticate the external account onto your Entra. Its not a repetitive invitation. "Even the older \ legacy guest users who redeemed an invitation before email one-time passcode was enabled will continue to use their same authentication method.
He asking about who will sign with Passcod he not asking about MFA OTP Passcode only allows for non-entra email users and non-Microsoft accounts like Gmail
In exam today(23/2/22) this question was changed slightly "User3 : <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a7d2d4c2d594e7c0cac6cecb89c4c8ca">[email protected]</a> : personal gmail account" Options were, (a) user 1 only (b) user 2 only (c) user 3 only (d) user1 and user2 only (e) user1, user2 and user3
Yay! thank you! Because NONE of the three users listed here would receive a passcode according to https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode. User1 has an existing guest account, so no passcode. User2 has a Microsoft account, so no passcode. User3 is a tenant user, so no passcode. But a NEW user with a personal Gmail account WOULD receive a passcode!
Tested and verified - Answer is B
https://learn.microsoft.com/en-us/entra/external-id/one-time-passcode
as per https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode I believe the answer to be B
B When a guest user redeems an invitation or uses a link to a resource that has been shared with them, they’ll receive a one-time passcode if: They don't have a Microsoft Entra account. They don't have a Microsoft account. The inviting tenant didn't set up federation with social (like Google) or other identity providers. They don't have any other authentication method or any password-backed accounts. Email one-time passcode is enabled.
Correct Ans: A. User2 only
The email one-time passcode feature is now turned on by default for all new tenants and for any existing tenants where you haven't explicitly turned it off. This feature provides a seamless fallback authentication method for your guest users. If you don't want to use this feature, you can disable it, in which case users will be prompted to create a Microsoft account. I vote for A - user1
There is no right answer. User1 - Is already a quest user in fabrikan.com so they will not receive an OTP: "Guest users who redeemed an invitation before email one-time passcode was enabled will continue to use their same authentication method." User2 - This is an outlook account which is naturally seen as a Microsoft account without registering it as such. User will be prompted to just register with their Microsoft account and not have the option of OTP: "Accounts such as an outlook.com, hotmail.com, live.com, or msn.com account, are managed by Microsoft, and therefore already considered Microsoft accounts." User3 - this is just a normal user, not a quest user so they will not receive anything. Source: https://learn.microsoft.com/en-us/entra/external-id/one-time-passcode And a quick google search if outlook accounts are automatically Microsoft accounts which they are. Correct answer: E. None
passcode apply only to None Microsoft Entra or Microsoft account like (outlook or MSN)
Users who don't already have a Microsoft Entra or Microsoft account can sign in without having to create an account. Each time the user signs in to your directory, they receive a passcode via email for authentication. You can also enable self-service sign-up with email one-time passcode for specific apps in your user flows. https://learn.microsoft.com/en-us/entra/external-id/one-time-passcode
When does a guest user get a one-time passcode? When a guest user redeems an invitation or uses a link to a resource that has been shared with them, they’ll receive a one-time passcode if: They don't have a Microsoft Entra account. They don't have a Microsoft account. The inviting tenant didn't set up federation with social (like Google) or other identity providers. They don't have any other authentication method or any password-backed accounts. Email one-time passcode is enabled. Answer is A
A. User2 only because user 2 did not accept the invitation. When user 2 tries to access the fabrikam.com sharepoint resources, they will receive the OTP for authentication to add as a guest user and access the resources.
I think it's User1, because it clearly shows that send email passcode for one time users and also contoso is a guest user for fabrikam
User 2 has an outlook.com address with MS so no OTP for it. B on a technicality.
The answer to your question is: A <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="afdadccadd9defc0dadbc3c0c0c481ccc0c2">[email protected]</a> will be emailed a passcode. The reason is that <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f184829483c0b1929e9f859e829edf929e9c">[email protected]</a> is a guest user in fabrikam.com domain, which means they have already redeemed an invitation from fabrikam.com and have a Microsoft Entra account.
User 2 will receive OTP each time for login.