Managing business-to-business (B2B) identities that live outside the organization is hard, and guest accounts need to be monitored like any other account. Microsoft is addressing part of this by extending Azure AD External Identities with an email-based one-time passcode, and has announced the general availability of email one-time passcodes (OTPs) for B2B collaboration.
Email OTP as a fallback for guests without a federated identity
Microsoft positions this Bring Your Own Identity (BYOI) option as the fallback for guests who cannot authenticate through the other supported methods, such as an Azure AD account, a Microsoft account, or Google federation. Access to a resource is still shared the same way, as an email invitation or a direct link.
The guest then signs in with a one-time passcode (OTP) sent to their email address. The passcode is valid for 24 hours; on each subsequent sign-in a new code is sent to the same address.
Guests who sign in with an email OTP are still processed by Azure AD, so they are subject to the security policies the organization has configured. Note that this only helps if those policies, Conditional Access in particular, are actually scoped to guest or external users; a policy that targets only members does nothing for an OTP guest. Microsoft also said that:
At the time of invitation, there is no indication that the user you are inviting will use one-time passcode authentication. But when the guest user signs in, one-time passcode authentication will be the fallback method if no other authentication method can be used.
You can see whether a guest user authenticates using one-time passcodes by viewing the Source property in the user's details.
Microsoft has pointed out that from March 2021, email OTP will be turned on for all new and existing tenants, though organizations will be able to disable it. Organizations that opted into the public preview of email OTP will get a switch to enable or disable the feature. Finally, email OTP is also available in Microsoft Teams in preview.
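Since the setting will be on by default and guests who use it are not obvious at invitation time, an administrator will want to audit both the tenant setting and the guest population. The following PowerShell is an added example and is not code from Microsoft's announcement or documentation. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin can consent to the Policy.ReadWrite.AuthenticationMethod and User.Read.All scopes, and that email-OTP guests carry an identity whose issuer is "mail" in their identities collection (verify that assumption against a known OTP guest in your own tenant before relying on it).

```powershell
# Added example, not Microsoft's code: audit the email OTP setting for external
# users and list guest accounts that appear to authenticate with an email OTP.
# Assumes the Microsoft.Graph SDK and admin consent for the two scopes below.
Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod", "User.Read.All"

$emailConfigUri = "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email"

# Read the current state. allowExternalIdToUseEmailOtp is 'default', 'enabled'
# or 'disabled'; 'default' means the tenant inherits Microsoft's rollout setting.
$emailConfig = Invoke-MgGraphRequest -Method GET -Uri $emailConfigUri
"Email OTP for external users: $($emailConfig.allowExternalIdToUseEmailOtp)"

# To set the switch explicitly, send a PATCH with the typed configuration.
# Left commented so the audit run is read-only; uncomment to change the tenant.
# $body = @{
#     "@odata.type"                = "#microsoft.graph.emailAuthenticationMethodConfiguration"
#     allowExternalIdToUseEmailOtp = "disabled"   # or "enabled"
# }
# Invoke-MgGraphRequest -Method PATCH -Uri $emailConfigUri -Body $body -ContentType "application/json"

# Enumerate guests and flag those with a 'mail' issuer in their identities
# (assumption: that is how Azure AD records an email-OTP guest).
$guests = Get-MgUser -Filter "userType eq 'Guest'" `
                     -Property Id, DisplayName, Mail, Identities, ExternalUserState -All

foreach ($g in $guests) {
    $otpIdentity = $g.Identities | Where-Object { $_.Issuer -eq 'mail' }
    [pscustomobject]@{
        DisplayName = $g.DisplayName
        Mail        = $g.Mail
        State       = $g.ExternalUserState   # PendingAcceptance or Accepted
        EmailOtp    = [bool]$otpIdentity
    }
}
```

Run the audit before the March 2021 default change so you know whether the tenant is on "default" and which guests would fall back to email OTP; the PATCH is the switch Microsoft describes, expressed through Graph rather than the portal.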