How can I force my enterprise application (using SAML auth) to prompt for MFA every time?
I tried creating a conditional access policy, but that did not work.
I found this blurb from 2019 - this seems like the exact same issue. Is this still the case 3 years later?
I just don't feel 100% comfortable with there not being a way to enforce 2FA even if the device is hybrid joined and is still within the 14-day Primary Refresh Token window. It feels like with conditional access being an option I should be able to override the token in the event the user attempts to access this specific application.
Is there a way to reset this Primary Refresh Token?
Azure AD Conditional Access policies are not evaluated when PRTs are issued.