Sign in frequency not working as expected, user not Challenged by MFA

Ahasub Chowdhury 16 Reputation points
2022-02-19T01:48:01.7+00:00

Hi all,

We have set up a Conditional Access sign-in frequency policy to prompt the user for MFA every 12 hours for one of our cloud applications. However, it doesn't work all the time as expected. It works sometimes, and sometimes it doesn't prompt the user for MFA. When I check the logs, it says the policy applied successfully, and under MFA it says "MFA requirement satisfied by claim in the token". Any ideas what I might be doing wrong?

TIA for your advice.

  1. Ravi Kanth Koppala 3,231 Reputation points Microsoft Employee
    2022-02-19T04:28:23.703+00:00

    Yes, @Ahasub Chowdhury. Sometimes if you enable "remember MFA on the trusted devices", you might see such behavior.

    Also, MFA for X days will apply for the whole tenant, and it will work on the trusted device. If you enable this, you can disable the Conditional Access policy sign-in frequency, because sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource. Either one can be configured; check the behavior for the user and try it. For more details, please check -
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#remember-multi-factor-authentication

    ----------

    Please "Accept as Answer" and Upvote if any of the above helped so that it can help others in the community looking for remediation for similar issues.
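To see how often the behavior from the question occurs, exported sign-in records can be checked for MFA satisfied by a token claim more than 12 hours after the user's last interactive prompt. This is an added example, not part of the question or the answer; the field names follow the Microsoft Graph sign-in log schema, and the `FRESH` marker string and all sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

CLAIM = "MFA requirement satisfied by claim in the token"  # text quoted in the question
FRESH = "MFA completed in Azure AD"  # assumed marker of an interactive MFA prompt

def _rec(when, user, detail):
    # Builds a constructed record shaped like an exported sign-in log entry.
    return {"createdDateTime": when, "userPrincipalName": user,
            "appDisplayName": "Example App",
            "authenticationDetails": [{"authenticationStepResultDetail": detail}]}

SAMPLE = [  # constructed data, not real log output
    _rec("2022-02-18T08:00:00Z", "a@example.com", FRESH),
    _rec("2022-02-18T09:00:00Z", "b@example.com", CLAIM),
    _rec("2022-02-18T15:00:00Z", "a@example.com", CLAIM),
    _rec("2022-02-18T21:30:00Z", "a@example.com", CLAIM),
]

def _ts(value):
    # Assumes second-precision UTC timestamps, as in the constructed sample.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def find_stale_mfa_claims(sign_ins, max_age=timedelta(hours=12)):
    """Return (user, app, time, age) for sign-ins where MFA was satisfied by a
    token claim although the user's last interactive MFA in the export is
    older than max_age; age is None when no interactive MFA was seen."""
    last_fresh = {}
    findings = []
    for rec in sorted(sign_ins, key=lambda r: _ts(r["createdDateTime"])):
        user = rec["userPrincipalName"].lower()
        when = _ts(rec["createdDateTime"])
        results = {d.get("authenticationStepResultDetail")
                   for d in rec.get("authenticationDetails", [])}
        if FRESH in results:
            last_fresh[user] = when
        elif CLAIM in results:
            prev = last_fresh.get(user)
            age = when - prev if prev else None
            if age is None or age > max_age:
                findings.append((rec["userPrincipalName"],
                                 rec["appDisplayName"],
                                 rec["createdDateTime"], age))
    return findings

if __name__ == "__main__":
    for user, app, when, age in find_stale_mfa_claims(SAMPLE):
        print(user, app, when, "no MFA prompt in export" if age is None else age)
```

A finding with no age means the export window did not contain an interactive prompt for that user, so widen the export before drawing conclusions.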
