Enforce Terms of Use for B2B Guest Users with Microsoft Entra Conditional Access
Introduction
More and more organizations are opening their digital front doors to external collaborators — vendors, contractors, partners, even customers. This flexibility fuels innovation and faster results, but it also introduces new compliance and security risks.
One simple but powerful way to manage those risks is making sure that external users explicitly accept your Terms of Use before they access your environment.
Enter Microsoft Entra Terms of Use and Conditional Access, a built-in capability that lets you enforce Terms of Use acceptance right at sign-in. It works great for employees, but it is especially valuable for B2B guest users, who often are not subject to your internal policies or training.
Let’s walk through why this matters and how to set it up.
Feature Highlights
What It Is
The Terms of Use feature in Microsoft Entra lets you present a PDF document (your Terms of Use) to users during the sign-in flow. They must accept the terms before access is granted.
Pair that with Conditional Access, and you can target specific groups, such as B2B guest users, and require Terms of Use acceptance before access is granted.
The result is a seamless way to ensure all external collaborators understand your policies and that their acceptance is captured for compliance records.
Why It Matters
Here is why this capability should be on your radar:
Compliance — Many industries require you to show that users agreed to specific terms before accessing data. This feature creates an audit trail you can rely on.
Security — B2B guest users are not always exposed to your internal policies or security training. Presenting Terms of Use helps ensure they understand what is expected.
Accountability — Terms of Use acceptance is recorded in Entra ID, giving you a clear record of who accepted what and when.
I have seen organizations in sectors like legal, financial services, and healthcare lean on this feature to reinforce data privacy expectations with guests. It is an easy win.
How to Get Started
Setting this up takes just a few steps. Here is a high-level guide to get you rolling.
Prerequisites
Microsoft Entra ID P1 or P2 license
Admin role with permissions to create Conditional Access policies
Your Terms of Use saved as a PDF
Step 1: Create Your Terms of Use Policy
Go to the Microsoft Entra admin center.
Navigate to Entra ID > Conditional Access > Terms of use.
Click New terms.
Upload your Terms of Use PDF and configure the settings, for example:
Require users to expand the document before accepting.
Choose whether users need to reaccept terms after updates.
Step 2: Apply Conditional Access
Navigate to Entra ID > Conditional Access > Policies.
Click New policy.
Name your policy (example: Enforce ToU for B2B Guests).
Under Assignments:
Users: Select All guest and external users.
Cloud apps or actions: Choose All cloud apps or target specific apps.
Under Access controls > Grant:
Select Require Terms of Use and choose the Terms of Use policy you created.
Enable and save your policy.
For detailed guidance, check out Microsoft’s official docs on applying Conditional Access control policies and managing external access.
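To check the finished policy against the Step 2 settings, the added example below (not from this post or from Microsoft) reviews a Conditional Access policy exported as JSON. It assumes the export follows the Microsoft Graph conditionalAccessPolicy field names; the function name, policy name and all IDs are constructed for illustration.

```python
# Added example: offline review of one Conditional Access policy exported as JSON
# (assumed Microsoft Graph conditionalAccessPolicy shape). IDs are constructed.
TOU_ID = "11111111-1111-1111-1111-111111111111"  # placeholder Terms of Use ID

def review_tou_policy(policy, tou_id):
    """Return findings; an empty list means the policy matches Step 2."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    # Guests are in scope via "All", the guest keyword, or the typed guest selector.
    typed = (users.get("includeGuestsOrExternalUsers") or {}).get("guestOrExternalUserTypes") or ""
    keyword = {"All", "GuestsOrExternalUsers"} & set(users.get("includeUsers") or [])
    if not keyword and "b2bCollaborationGuest" not in typed:
        findings.append("B2B guests are not in scope")
    # Any exclusion can silently exempt a guest from the prompt.
    for key in ("excludeUsers", "excludeGroups", "excludeGuestsOrExternalUsers"):
        if users.get(key):
            findings.append(f"{key} is set; confirm no guest is exempted")
    inc = apps.get("includeApplications") or []
    if not inc or inc == ["None"]:
        findings.append("no cloud apps are targeted")
    if tou_id not in (grant.get("termsOfUse") or []):
        findings.append("grant control does not reference the expected Terms of Use")
    elif grant.get("operator") == "OR" and grant.get("builtInControls"):
        # With OR, satisfying any one control (for example MFA) grants access.
        findings.append("operator is OR; another control can grant access without acceptance")
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}; Terms of Use is not enforced")
    return findings

# Constructed export: report-only, one excluded group, MFA OR Terms of Use.
SAMPLE = {
    "displayName": "Enforce ToU for B2B Guests",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": ["GuestsOrExternalUsers"],
                  "excludeGroups": ["22222222-2222-2222-2222-222222222222"]},
        "applications": {"includeApplications": ["All"]}},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"],
                      "termsOfUse": [TOU_ID]},
}

if __name__ == "__main__":
    for finding in review_tou_policy(SAMPLE, TOU_ID):
        print("-", finding)
```

An excluded group is not necessarily wrong, so the exclusion finding is a prompt to confirm that no guest account is a member.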
Rollout and Next Steps
Once your policy is live, here is how to operationalize it:
Enable: Roll out the policy in a controlled test environment first.
Test: Validate the experience with test guest accounts and confirm that the Terms of Use acceptance prompt appears.
Audit: Use Entra reporting to confirm Terms of Use acceptance records are captured.
Update: If your Terms of Use changes, update the PDF and trigger reacceptance as needed.
Communicate: Let your internal teams and external partners know about the new sign-in requirement.
Conclusion
By integrating Terms of Use with Conditional Access, you give your organization a powerful way to balance collaboration with control, especially for external B2B users.
It is a simple way to reinforce policies, support compliance, and protect your environment, all without adding friction to the user experience.
Stay tuned for our next post where we will explore how to customize the Terms of Use experience to match your brand and messaging.