Wonder if CAE is involved with the change in IP address when a user moves location:
Prevent constant MFA requests for hybrid workforce
Hello,
Most of our users are hybrid, working remotely via VPN and locally in office. Regardless of our 30-day MFA policy, our users are prompted for MFA every few days if they move locations between working at home and at the office.
We are a non-profit healthcare organization of 600 staff, using primarily Office E3 & Azure P1, Exchange in the cloud, and local AD sync. I cannot for the life of me determine what policies I need to adjust to get consistent results from MFA. 30 days should be 30 days. Employee devices are laptops with domain accounts- nothing is being wiped or reset.
If there is some special Conditional Access magic that I am missing, I am all ears- but the current state of this is unsustainable.
Thank you,
CB
2 answers
Sort by: Most helpful
-
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,486 Reputation points
2024-04-25T07:36:46.61+00:00 Use the Microsoft Entra sign-ins report. This report shows authentication details for events when a user is prompted for multifactor authentication, and if any Conditional Access policies were in use: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-reporting#view-the-microsoft-entra-sign-ins-report