Per the article
Recommended settings
To give your users the right balance of security and ease of use by asking them to sign in at the right frequency, we recommend the following configurations:
If you have Azure AD Premium: (We have P1)
If reauthentication is required, use a Conditional Access sign-in frequency policy.
For users that sign in from non-managed devices or mobile device scenarios, persistent browser sessions may not be preferable, or you might use Conditional Access to enable persistent browser sessions with sign-in frequency policies. Limit the duration to an appropriate time based on the sign-in risk, where a user with less risk has a longer session duration.
I am doing both.
Shouldnt Conditional Access policies override Azure AD session lifetime options?
Also in the article
To configure or review the Remain signed-in option, complete the following steps:
- In the Azure AD portal, search for and select Azure Active Directory.
- Select Company Branding, then for each locale, choose Show option to remain signed in.
- Choose Yes, then select Save.
These settings are not in my Company Branding section
I have attached a screen shot of our remember multi-factor auth settings from here
To remember multifactor authentication settings on trusted devices, complete the following steps:
- In the Azure AD portal, search for and select Azure Active Directory.
- Select Security, then MFA.
- Under Configure, select Additional cloud-based MFA settings.
- In the Multi-factor authentication service settings page, scroll to remember multi-factor authentication settings. Disable the setting by unchecking the checkbox.