@10:23 - When you do not have B2B collaboration enabled. External guests will have to authenticate with a Sign-In Code and will NOT be registered as a Guest in your tenant. IT does not matter if it is a Microsoft account or Non-Microsoft account. B2B collaboration for SP is default $False. When enabled a guest will be registered in your Tenant and must use MFA to authenticate when the person has a Micrsoft account. A non - Microsoft account will still use a code (you do have to setup a CA rule for Guests). Great video again! Thanks!

Hello Nick, Thanks for the training session about this difficult topic, it is difficult to explain because there are different use case. Question: for new and existing guest. how the external collaboration setting will impact this settings if it is set as: "only users assigned to specific admin roles can invite guest users", meaning if regular user share the link New and existing guest, Will the link issue and the receiver of the link be added to EntraID as guest account? Very good material. Thanks again.

@32:54 - how to make sure external users don't get that MFA setup? nor have to do any extra work to see that document ?

@30:56 - what to do if we don't ever want to see or have Guest or external accounts in our Azure tenant subscription?

Minute 29:31 I have a CAP with scope all users: Will this policy include the guest account or only the members in my organization? In other video, you recommended for the break glass account to use MFA Phishing resistant, If we exclude the BA from the conditional MFA policy, it won't ask for MFA. I believe you recommend not exclude Break Glass from CAP and force the MFA.phishing resistant. btw, I have other CAP with scope B2B users requiring MFA.