Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,634 questions
Conditional Access MFA and Sign-in Frequency
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bill Spicer
21
Reputation points
With legacy MFA, you can select x many days to remember a device. Currently we have this set to 24 hours. Users only have to type a password if it expires, they login from an unknown device/browser or inactivity policy signs them out.
When migrating to Conditional Access Policies for MFA the only option to specify a frequency is the Sign-in frequency which requires you to type a password. I'm looking for a way to relax typing of password for trusted devices to a few days but keep requiring MFA every 24 hours. Is there a way to do this? Microsoft needs an MFA frequency.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 36,411 Reputation points Microsoft Employee2024-05-15T21:40:41.3066667+00:00 Hi @Bill Spicer ,
Are you saying that the users are prompted to enter their passwords even when the Sign-in frequency control should not have prompted them? Could you share a screenshot of your policy settings? What you are describing sounds specific to application or browser behavior. Some apps may not use the existing MFA claim and may require a new one. The behavior may be dependent on how the app is configured or how the browser handles the MFA claim.
Sign in to comment