Enabling multi-factor authentication for guests

While securing the organizational identities of your users is important, if your organization's content is being shared with external entities, it is important to secure their access as well. With Azure AD Premium, you can configure advanced policy settings such as multi-factor authentication for your guest users, further enhancing the security posture of your organization. Enabling multi-factor authentication requires Conditional Access, which is outside the scope of the MS300 exam, but the steps are included here for reference. Let's go over them now:

  1. Sign in to the Azure portal (https://portal.azure.com) with Global Admin, Security Administrator, or Conditional Access administrator privileges.
  2. Select Azure Active Directory from the navigation menu, or search for Azure Active Directory from the search bar.
  3. On the Azure Active Directory blade, select Security.
  4. Under Protect, select Conditional Access and select New policy.
  5. Enter a name for the policy, such as Require External User MFA.
  6. Under Assignments, select Users and Groups, select the Include tab, select the radio button for Select users and groups, and then select the All guest and external users (Preview) checkbox. Click Done when you're finished.
  7. Under Assignments, select Cloud apps or actions and select the scenarios where you want multi-factor challenges to occur. For example, you might select Cloud apps as the policy target, and then the radio button for All cloud apps to require multi-factor authentication for all the applications in the tenant. You can also choose Select apps and select a subset of applications.
  8. Click Done when you're finished.
  9. Under Access controls, select Grant.
  10. On the Grant page, select the Grant radio button and then the Require multi-factor authentication checkbox. Click Select when you're finished.
  11. Slide the toggle under Enable policy to On and click Create.

The next time a guest user logs in to consume any service in the tenant, they will be prompted to register for multi-factor access. Then, they will need to use it upon subsequent logins.
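The policy built in the portal steps above can also be written as a Microsoft Graph conditionalAccessPolicy object and checked for coverage gaps. The following is an added example, not code from the book: the helper names `guest_mfa_gaps` and `guests_require_mfa` are hypothetical, and the check assumes policies that target guests through `includeUsers` and treats the all-cloud-apps option from the steps as the baseline.

```python
# Policy body in the Microsoft Graph conditionalAccessPolicy shape, mirroring
# the portal steps. The display name is the example name used in the steps.
GUEST_MFA_POLICY = {
    "displayName": "Require External User MFA",
    "state": "enabled",  # "enabledForReportingButNotEnforced" is report-only
    "conditions": {
        "clientAppTypes": ["all"],
        "users": {"includeUsers": ["GuestsOrExternalUsers"]},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}


def guest_mfa_gaps(policy):
    """Return reasons why `policy` does not enforce MFA for guests on all apps."""
    gaps = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []

    if policy.get("state") != "enabled":
        gaps.append("policy is not enforced (state=%r)" % policy.get("state"))
    included = set(users.get("includeUsers") or [])
    if not included & {"GuestsOrExternalUsers", "All"}:
        gaps.append("guests are not in includeUsers")
    if "GuestsOrExternalUsers" in (users.get("excludeUsers") or []):
        gaps.append("guests are excluded")
    if "All" not in (apps.get("includeApplications") or []):
        gaps.append("only a subset of cloud apps is covered")
    if apps.get("excludeApplications"):
        gaps.append("some cloud apps are excluded")
    if "mfa" not in controls:
        gaps.append("grant controls do not require MFA")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        gaps.append("MFA is only one of several OR'ed controls")
    return gaps


def guests_require_mfa(policies):
    """True if at least one policy in the list has no gaps."""
    return any(not guest_mfa_gaps(p) for p in policies)
```

Run `guest_mfa_gaps` over each policy exported from the tenant to see why a policy that looks correct in the portal, such as one left in report-only mode, does not actually challenge guests.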
