Our environment has users log into a domain on Entre ID. The end goal is to use a Conditional Access Policy to have users MFA into their machines every time they log in.
The Conditional Access Policy requires them to use MFA to log into all Cloud Services.
I have a test user that I have been working with.
When the test user logs in to Office.com he was required to setup MFA with Windows Authenticator.
I asked him to log out of his machine and back in.
He was not required to use MFA.
I asked him to log into a machine that he never logged into.
The first log in he was required to authenticate using MFA but when he logged out and tried to log back in the user was not required to use MFA.
I changed the "Session" setting to "Sign-in Frequency - Every Time".
Asked the user to test again and he was not asked to us MFA to authenticate.
Is there a setting or configuration I am missing?