You have a Microsoft Entra tenant named contoso.com.
You have a partner company that has a Microsoft Entra tenant named fabrikam.com.
You need to ensure that when a user in fabrikam.com attempts to access the resources in contoso.com, the user only receives a single Microsoft Entra Multi-Factor Authentication (MFA) prompt. The solution must minimize administrative effort.
What should you do?
To ensure that users from fabrikam.com receive a single Microsoft Entra Multi-Factor Authentication (MFA) prompt when accessing resources in contoso.com, the appropriate step is to configure the inbound access default settings from the Azure portal of contoso.com. This configuration allows you to trust MFA claims from external organizations, thereby minimizing the administrative effort required to manage individual collaborations.
Agree A. Not select B,Reason :https://learn.microsoft.com/en-us/entra/external-id/external-collaboration-settings-configure
Agree, B
I would go with A Trust multi-factor authentication from Microsoft Entra tenants: Select this checkbox to allow your Conditional Access policies to trust MFA claims from external organizations. During authentication, Microsoft Entra ID checks a user's credentials for a claim that the user completed MFA. If not, an MFA challenge is initiated in the user's home tenant. Link: https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims
Agreed, A
agree with A, even if ot could be better modify the setting just for fabrikam and not all the inbound default as suggested in the answer :-P