Force Edge Profiles to prompt for Login after each new Edge Browser session or set a time out

SES 1 Reputation point
2022-02-03T18:47:34.293+00:00

I have a client that is NOT domain joined but has SSO set up for several resources using MS Azure. Edge is great for this as it will auto log into those SSO sites. However, for security we would like the Edge profile to prompt for the password and MFA at least once a day, either based on browser session or a timed setting.

Is this possible?


2 answers

  1. JamesTran-MSFT 36,361 Reputation points Microsoft Employee
    2022-02-04T00:03:25.267+00:00

    @SES
    Thank you for your post!

    I'm not too familiar with the Microsoft Edge MFA capabilities, but if all your users are in your Azure AD tenant, you can definitely use Azure AD Conditional Access policies to control how often a user signs in, by leveraging Session controls to enable limited experiences within specific cloud applications.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


  2. SES 1 Reputation point
    2022-02-07T23:32:52.337+00:00

    @JamesTran-MSFT

    I set up a test policy and it didn't seem to do anything.

    I did a bit more searching and Edge will pull and prompt you to sign in with the accounts you have set on the machine under settings > Account work or school. I noticed this as I was signing into Edge with the client's account but the Myapps page kept showing my personal work account. I would sign out of my account in Myapps and it would automatically sign me back into Myapps with my personal work account (which is linked to my machine under the settings > Access work or school).

    I am starting to think the only way to force the Edge profile to time out the sign-in is with an MDM policy and use Intune. Or maybe there is a different conditional policy that would just blast away all linked MS accounts with the workstation accounts.
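
An added example, not code from any post in this thread: one way to define the Conditional Access session controls mentioned in the first answer (sign-in frequency of 24 hours, no persistent browser session) with the Microsoft Graph PowerShell SDK. The group ID is a placeholder, the display name is made up, and the policy is created in report-only mode so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed and
# the signed-in admin is allowed to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: object ID of a pilot group (not a value from this thread).
$pilotGroupId = '<PILOT-GROUP-OBJECT-ID>'

$policy = @{
    displayName = 'Pilot - browser reauthentication every 24 hours'
    # Report-only: evaluated and logged at sign-in, but not enforced yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($pilotGroupId) }
        # The persistent browser control is documented to need all cloud apps.
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('browser')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
    sessionControls = @{
        # Ask for credentials again once the last sign-in is older than 24 hours.
        signInFrequency   = @{ isEnabled = $true; type = 'hours'; value = 24 }
        # Do not keep the session alive after the browser is closed.
        persistentBrowser = @{ isEnabled = $true; mode = 'never' }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm what the service actually stored.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'SignInFrequency'
           e = { '{0} {1}' -f $_.SessionControls.SignInFrequency.Value,
                              $_.SessionControls.SignInFrequency.Type } },
        @{ n = 'PersistentBrowser'
           e = { $_.SessionControls.PersistentBrowser.Mode } }
```

While the policy is in report-only mode, each sign-in log entry for a pilot user shows whether it would have applied, which helps when a test policy appears to do nothing.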