Thanks for the reply. We are not using WHB but understand the lock/unlock refresh event.
The specific correlation id is 5bdcdf89-0995-4859-9855-54f97cda3067.
We are to open a case with MSFT too. Thanks
We are looking for forcing a user to sign in every x hours (if he/she has not recently authenticated or unlocked the device) and have implemented a conditional access policy. (FYI - apps are Service Now, Salesforce).
We have configured SSO/MFA and created the conditional access policies for persistence session AND a separate policy for sign in frequency (example, 1 hour). We have used the What If tool to check to makes sure these policies are being applied to the users.
Problem - the user is logged in for more than the amount of time defined with sign in frequency and is not logged out or timed out.
What we have already tried:
This feature works properly with Azure Portal but doesn't seem to work for any other app.
The docs state that this should work for SAML too unless the app uses a unique cookie etc. which is not the case.
We also tried converting the integration with OAUTH2/OIDC but doesn't seem to help
We understand that unlocking a device is a sign in event so have made sure that this is not happening
Is the sign in frequency supposed to work for non Microsoft apps?
Does this feature work with hybrid AD devices (On prem domain joined, using ADC to sync accounts to AD and integration)?
Does this feature depend on "persistence session"? Dont think if seamless SSO is working prpoperly.
Any example of any other app that this is working properly ?
If the authentication takes place in Azure AD, then the sign-in frequency will be honored. If you are using persistent sessions, the session cookies will not expire when the browser is closed.
Users who unlock devices using Windows Hello For Business will not have an additional prompt since Windows Hello For Business includes MFA.
If you provide the correlation ID and timestamp for one of the sign-in entries, I can help troubleshoot why this is not being enforced in your scenario.