Can User sign-in frequency promp MFA only?

Nattawut Teerajarukul 216 Reputation points

I already use Conditional Access via this guide.
user sign-in frequency is set to 1 hour.
every 1 hour the user is prompt to sign in and MFA again.

But customer need prompt only MFA (bypass password) when session expired.
Can configure sign-in frequency policy for bypass password but prompt MFA only?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,767 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marco Gerber 31 Reputation points

    Hi @Nattawut Teerajarukul , according to this docs article this behaviour is by design, therefore a full re-auth is triggered using sign-in frequency:

    Maybe you could solve the challenge with Conditonal Access policies which trigger MFA when accessing a certain cloud app or by other conditions.