Can User sign-in frequency prompt MFA only?

Nattawut Teerajarukul 216 Reputation points
2021-08-26T05:07:48.667+00:00

I already use Conditional Access via this guide. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
User sign-in frequency is set to 1 hour.
Every 1 hour the user is prompted to sign in and MFA again.

But the customer needs to prompt only MFA (bypass password) when the session has expired.
Can I configure the sign-in frequency policy to bypass the password but prompt MFA only?

Microsoft Entra ID

1 answer

  1. Marco Gerber 31 Reputation points
    2021-08-26T20:55:45.217+00:00

    Hi @Nattawut Teerajarukul, according to this docs article, this behaviour is by design, therefore a full re-auth is triggered using sign-in frequency: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime#user-sign-in-frequency-and-multi-factor-authentication

    Maybe you could solve the challenge with Conditional Access policies which trigger MFA when accessing a certain cloud app or by other conditions.

