Require MFA every protect document using Azure Information Protection

Netanel Ben-Shushan 1 Reputation point


I wonder if there's any option to protect and require users and/or external guests to use MFA on every protect document they going to open, if not, is that possible to limit the requirement in time? i.e. after 1 hour of use with valid MFA auth to re-auth again against the MFA.

I saw under Conditional Access the Sign in frequency and I've set it to 1 hour but no luck, I can still able to open protected documents with no MFA :(.


Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
523 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,081 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,496 Reputation points Microsoft Employee

    Thank you for your post!

    Based off your requirements, you can try leveraging our current preview offering - Conditional Access policies for Azure Information Protection. With this feature, when a user opens a document that is protected by Azure Information Protection, administrators can now block or grant access to users in their tenant, based on the standard conditional access controls.


    Additional Links:
    FAQ - Azure Information Protection is listed as an available cloud app for conditional access—how does this work?
    Multi-factor authentication (MFA) and Azure Information Protection
    AIP and Azure Active Directory

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.