While testing a guest user conditional access policy in Azure Active Directory that enforces MFA, the guest user was unable to sign in to the resource I shared due to ‘suspicious activity’. Our initial investigation did not reveal a good reason for the suspicious behavior. We could clearly see the sign-in and the 'reason' provided in both of our Azure AD tenants, but we did not see a clear way to resolve it.
Upon opening a service request with Microsoft, the responding engineer provided a very thorough response. The info was passed on to the guest user, asking them to follow the steps around dismissing the ‘risky user’ in their tenant. Afterwards, they successfully signed in using MFA without issue. Changing the user’s password was not necessary, as suggested below.
From the correlation ID and timestamp, I have understood that the user is not able to access an application due to the conditional access policy.
From the backend, I can see "ProofUpBlockedDueToRisk". Could you please check with the guest user tenant admin and have them dismiss the risk for that user.
The user risk for "external users" is evaluated at their home directory. The real-time sign-in risk for these users is evaluated at the resource directory when they try to access the resource. So before an external user registers for MFA, the user risk first has to be dismissed from the user's home tenant. Ask the global admin from Tenant "domain.com" to reset the user’s password to dismiss the risk and try to access and register for MFA.
Please refer to this article to know more about B2B risky users: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-b2b
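The home-tenant side of the fix described above, as an added example that is not part of the original post or Microsoft's response: it uses the Microsoft Graph PowerShell SDK to find the guest's risky-user record, review the detections behind it, and dismiss the risk without a password reset. The guest UPN is a placeholder, and the script is run by an admin of the guest's home tenant, not the resource tenant.

```powershell
# Added example (not from the original post or Microsoft's response).
# Run as an admin of the guest's HOME tenant; requires the Microsoft.Graph PowerShell SDK.
$guestUpn = 'guest@domain.com'   # placeholder, replace with the actual guest account

# Reading risky users/detections and dismissing risk needs IdentityRiskyUser.ReadWrite.All
Connect-MgGraph -Scopes 'IdentityRiskyUser.ReadWrite.All'

# 1. Locate the risky-user record; riskState 'atRisk' is what blocks the MFA proof-up
#    in the resource tenant (the "ProofUpBlockedDueToRisk" reason seen there).
$risky = Get-MgRiskyUser -Filter "userPrincipalName eq '$guestUpn'"
if (-not $risky) {
    Write-Host "No risky-user record for $guestUpn in this tenant; the block is not user risk."
    return
}
$risky | Select-Object Id, UserPrincipalName, RiskState, RiskLevel, RiskLastUpdatedDateTime

# 2. Review the detections behind the risk before dismissing, so the decision is informed
#    rather than a blind unblock (e.g. an unfamiliar sign-in from an IP the user owns).
Get-MgRiskDetection -Filter "userPrincipalName eq '$guestUpn'" |
    Sort-Object DetectedDateTime -Descending |
    Select-Object DetectedDateTime, RiskEventType, RiskLevel, RiskState, IPAddress, Location

# 3. Dismiss the user risk. This resets riskState to 'dismissed' and does not force a
#    password reset; the guest can then retry the MFA registration in the resource tenant.
if ($risky.RiskState -in 'atRisk', 'confirmedCompromised') {
    Invoke-MgDismissRiskyUser -UserIds @($risky.Id)
}

# 4. Confirm the new state (expected: 'dismissed') before telling the guest to retry
(Get-MgRiskyUser -RiskyUserId $risky.Id).RiskState
```

If step 2 shows detections you cannot explain, treat the account as compromised and remediate it (password reset, session revocation) instead of dismissing the risk.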