Exam SC-300 topic 1 question 3 discussion

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode "When the email one-time passcode feature is enabled, newly invited users who meet certain conditions will use one-time passcode authentication. Guest users who redeemed an invitation before email one-time passcode was enabled will continue to use their same authentication method." User 1 is already a registered guest user in fabrikan.com so will not receive additional OTP. User 2 has never accessed fabrikam.com so WILL receive OTP each time they login. User 3 (providing email addy is not a typo) will not receive a OTP as they are a domain user. Answer is A.

In exam today(23/2/22) this question was changed slightly "User3 : [email protected] : personal gmail account" Options were, (a) user 1 only (b) user 2 only (c) user 3 only (d) user1 and user2 only (e) user1, user2 and user3

User 2 has never accessed fabrikam.com so WILL receive OTP

A. User2 Only. as User1and existing users are already past the point of redemption.

Answer) A = User2 only The only user that will get a One-Time Passcode will be User2 when they try to join the first time. User1 already joined as a guest and would have gotten their OTP back when they first joined and User3 is not a guest and is already apart of the Fabrikam domain.

What happens to my existing guest users if I enable email one-time passcode? Your existing guest users won't be affected if you enable email one-time passcode, as your existing users are already past the point of redemption. Enabling email one-time passcode will only affect future redemption process activities where new guest users are redeeming into the tenant.

Already existing guest user in fabrikam tenant will not be emailed a password. As an existing guest user they have already gone through the registration process, and because they have an outlook (i.e. microsoft) account, they can use their outlook account password rather than an emailed one

The "Email One-Time Passcode for guests" feature in Microsoft Entra (formerly Azure AD) allows external users (guests) to authenticate using a temporary passcode sent to their email. Temporary Passcode: When a guest user tries to access your resources, they can request a one-time passcode, which is sent to their email address. They use this passcode to complete the sign-in process. Sign-In Process: During sign-in, the guest user selects the option to sign in with a one-time passcode. They receive the passcode via email and enter it to gain access. Enabling the Feature Sign In: Log in to the Microsoft Entra admin center as an Authentication Policy Administrator. Navigate: Go to Identity > External Identities > All identity providers. Configure: On the Built-in tab, next to email one-time passcode, select Configured. Enable: Ensure the toggle is set to Yes and click Save.

User1: Will not receive a new OTP since they have logged in before. User2: Will receive a passcode because they have never accessed resources in fabrikam.com. User3: Will not receive a passcode as they are an internal user.

User 2 Only. Read the doc: When a user redeems a one-time passcode and later obtains an MSA, Microsoft Entra account, or other federated account, they'll continue to be authenticated using a one-time passcode

When a guest user redeems an invitation or uses a link to a resource that has been shared with them, they’ll receive a one-time passcode if: They don't have a Microsoft Entra account. They don't have a Microsoft account. The inviting tenant didn't set up federation with social (like Google) or other identity providers. They don't have any other authentication method or any password-backed accounts. Email one-time passcode is enabled. User 1, other identity provider unkonown User 2, Microsoft Account User 3 Microsoft Entra

The current "Most Voted" answer is incorrect. With these settings, the behavior for each user would be as follows: [email protected]: Since User1 is already a guest user in fabrikam.com, they will not need a passcode. [email protected]: As User2 has never accessed resources in fabrikam.com, they will be emailed a one-time passcode to authenticate. [email protected]: Being an internal user of fabrikam.com, User3 will not need a passcode. Therefore, the correct answer remains: A. User2 only These settings confirm that new external users (like User2) will receive a one-time passcode for authentication, while existing guest users (like User1) and internal users (like User3) will not.

When a guest user redeems an invitation or uses a link to a resource that has been shared with them, they’ll receive a one-time passcode if: They don't have a Microsoft Entra account. They don't have a Microsoft account. The inviting tenant didn't set up federation with social (like Google) or other identity providers. They don't have any other authentication method or any password-backed accounts. Email one-time passcode is enabled.

User 1 is already a registered guest user in fabrikam.com so will not receive additional OTP. User 2 has never accessed fabrikam.com so WILL receive OTP each time they login. User 3 (providing email addy is not a typo) will not receive a OTP as they are a domain user.

User 2 only is correct because he is not in the company fabrikam, not even as a guest.

To the best of my knowledge, User 3 is A USER in the fabrikam domain so will not receive the OTP User 2 is a user who is NOT an existing guest user in fabrikam.com, nor has accessed fabrikam resources (A new guest) but meets the "any domain" category will get the invite with the OTP. User 1 is ALREADY A GUEST USER in fabrikam.com, so will continue to use its access without requiring an OTP. User 2 - A is the answer https://learn.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode

When a guest user redeems an invitation https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode uses a link to a resource that has been shared with them, they’ll receive a one-time passcode if: They don't have an Azure AD account They don't have a Microsoft account The inviting tenant didn't set up federation with social (like Google) or other identity providers. https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode Open for discussion.