Conditional Access MFA and Sign-in Frequency

Bill Spicer 21 Reputation points

With legacy MFA, you can select x many days to remember a device. Currently we have this set to 24 hours. Users only have to type a password if it expires, they login from an unknown device/browser or inactivity policy signs them out.

When migrating to Conditional Access Policies for MFA the only option to specify a frequency is the Sign-in frequency which requires you to type a password. I'm looking for a way to relax typing of password for trusted devices to a few days but keep requiring MFA every 24 hours. Is there a way to do this? Microsoft needs an MFA frequency.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
{count} votes