A guest account is automatically created when an external user is invited to access specific resources within our Main Roads environment such as Teams, SharePoint, OneDrive, and other applications, without granting full access to our internal systems.

Guest accounts are a convenient way to work with external stakeholders, but they also introduce potential security risks if not properly managed.

By introducing MFA, it just means that Main Roads is adding an extra layer of protection by requiring users to verify their identity with more than just a password. A second layer of authentication must be completed using Microsoft Authenticator app or SMS on a registered mobile device.

What you need to know and do:

• Phase 1 (Soft Launch): Starting on 4 August 2025, MFA will be required for guest users who have registered with personal email addresses (e.g. Gmail). Users who are affected will be contacted directly.
• Phase 2: Beginning on 25 August 2025, MFA will be extended to all remaining guest accounts registered with corporate email addresses. Users who will be affected will be contacted directly prior to implementation.

After implementation, when invited guests next login, they will be prompted to configure Multi-Factor Authentication (MFA).

To assist with this transition, please view this Quick Reference Guide to help you set up and configure your preferred method of MFA (Authenticator or SMS).