[GH-ISSUE #2233] [Feature Request]: New Standard for Cross-tenant access settings #1149

Closed
opened 2026-03-02 13:41:59 +03:00 by kerem · 4 comments

Originally created by @gwenner-endsight on GitHub (Mar 19, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2233

Originally assigned to: @kris6673 on GitHub.

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

When M365 guests authenticate to our clients' tenants, by default they are subject to "double MFA" because our client's tenant doesn't trust the MFA of the guest's Entra tenant. This is now a configurable option in the Cross-tenant access settings, and we'd like it to be in the Standards. The settings in the M365 GUI are described here: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/cross-tenant-access-settings-notes-from-the-field/ba-p/4081841

I think having a choice in CIPP to enable or disable this setting explicitly would be preferred.

Specifically, our organization would like to check the box to "Trust multifactor authentication from Microsoft Entra tenants", under the trust settings. The PowerShell to do this should be available via the graph endpoint linked in the later question.

PowerShell commands you would normally use to achieve above request

https://learn.microsoft.com/en-us/graph/api/crosstenantaccesspolicyconfigurationdefault-update?view=graph-rest-1.0&tabs=powershell

Using this resource type: https://learn.microsoft.com/en-us/graph/api/resources/crosstenantaccesspolicyinboundtrust?view=graph-rest-1.0

And the isMfaAccepted property
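The change requested above, sketched against the Graph endpoint and property linked in the issue. This is an added example, not part of the original issue and not CIPP's implementation. The function name `Set-DefaultInboundMfaTrust` is hypothetical, and the block assumes the Microsoft.Graph.Authentication module and an account allowed to consent to `Policy.ReadWrite.CrossTenantAccess`.

```powershell
# Added example (not CIPP code): audit, then set, inboundTrust.isMfaAccepted on the
# default cross-tenant access policy. Function name is hypothetical.
function Set-DefaultInboundMfaTrust {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][bool]$TrustMfa
    )
    $uri = 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default'

    # Read the current default configuration (returned as a hashtable).
    $current = Invoke-MgGraphRequest -Method GET -Uri $uri
    $trust   = $current.inboundTrust

    # Already in the desired state: report and make no write.
    if ([bool]$trust.isMfaAccepted -eq $TrustMfa) {
        return [pscustomobject]@{ Changed = $false; IsMfaAccepted = $TrustMfa }
    }

    # Resend the two device-trust flags exactly as read, so the only value
    # that changes in the tenant is isMfaAccepted.
    $body = @{
        inboundTrust = @{
            isMfaAccepted                       = $TrustMfa
            isCompliantDeviceAccepted           = [bool]$trust.isCompliantDeviceAccepted
            isHybridAzureADJoinedDeviceAccepted = [bool]$trust.isHybridAzureADJoinedDeviceAccepted
        }
    } | ConvertTo-Json -Depth 3

    if ($PSCmdlet.ShouldProcess($uri, "Set inboundTrust.isMfaAccepted to $TrustMfa")) {
        Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json' | Out-Null

        # Read back to confirm what the tenant now reports.
        $after = (Invoke-MgGraphRequest -Method GET -Uri $uri).inboundTrust
        return [pscustomobject]@{ Changed = $true; IsMfaAccepted = [bool]$after.isMfaAccepted }
    }
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.CrossTenantAccess'
Set-DefaultInboundMfaTrust -TrustMfa $true -WhatIf   # drop -WhatIf to apply
```

The default configuration applies to every external Entra tenant that has no partner-specific configuration, so review partner entries separately when auditing which tenants' MFA claims are trusted.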


@KelvinTegelaar commented on GitHub (Mar 19, 2024):

I like it. Planned.


@kris6673 commented on GitHub (Mar 26, 2024):

I would like to work on this please!


@github-actions[bot] commented on GitHub (Mar 26, 2024):

Great! I assigned you (@kris6673) to the issue. Have fun working on it!


@KelvinTegelaar commented on GitHub (Mar 26, 2024):

added in dev
