I have an AAD with a custom enterprise sign-on page and multi-factor authentication enabled. When logging in to any of the applications registered in this AAD, MFA is enforced. Now, I want to enforce MFA even when somebody adds accounts from this AAD as guests to some external AAD.
However, when I create a new AAD and add guest users from the previous AAD (with MFA enabled), MFA is not enforced. For example, I create VSTS connected to this newly created AAD, log in with my company account (which is a guest here), and go to our custom ESO, but I'm logged in without MFA.
Now, where is the problem? In the parent AAD or in the newly created AAD?