Does anyone know how an Azure B2B user behaves when a tenant is protected with the Duo Office 365 SAML app and a DAG?
Internal users would be redirected to the DAG login and their accounts would be in local AD and synced into Duo.
But the B2B users have their own emails addresses and I can’t find any information on what would happen to them. They’re not going to be listed in Duo, so if they were redirected to the DAG they couldn’t authenticate.
Are the Conditional Access policies in Azure the only method of enforcing MFA for B2B users?