This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 85%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Hello all,
I'm not sure if this question is related to SSPR or MFA behavior.
Scenario: MFA is mandatory in our environment: alternatively telephone call or message, Authenticator and security questions have to be filled
We have to fill the form with 5 answers.
Users with security questions already set, sometimes can't access on o365 or onedrive. It seems that the answers expire.
Only allowed way to continue for the users is to replace all 5 answers.
For the moment, I don't find any event that trigger this kind of behavior: The users affected did not change hardware or their domain password.
And in official MS docs https://support.microsoft.com/en-us/account-billing/set-up-security-questions-as-your-verification-method-3d74aedd-88a5-4932-a211-9f0bfbab5de8 I've not found out yet any clues about the expiration date of those answers.
Can anyone please tell me if security questions expire?
If there is no expiration date, what does force the user to change the 5 mandatory answers?
Thank you in advance!
I do not believe that they expire, but I do know that there is a windows (0-730 days) that you can set for your users to verify their authentication method:
Require users to register when they sign in
Reconfirm authentication information
----------------------------------
If this is helpful please accept answer.
Hi DillonJS,
thank you for the tip. I'm going to check this feature. Kind regards