Modern Authentication, Users still have to authenticate with MFA after authenticating when using an Office 365 product.

Johnson Tran 1 Reputation point
2022-04-27T16:48:44.083+00:00

Hi everyone,

I've been struggling to get SSO to work along with MFA. We want the users to be able to authenticate only once with MFA through Office 365. However, every time the user logs into an application such as SharePoint, Teams, OneDrive, etc., MFA is being prompted and requests the user to enter MFA authentication.

Through our AADC server, with Azure AD Connect, under Change user sign-in, I have the following checkboxes: Password Hash Synchronization, Enable single sign-on.

The only solution I came up with to temporarily cover this solution is to enable the additional cloud-based feature MFA in Azure and enable the "remember multi-factor authentication on trusted device" setting. I don't want to use this feature and want SSO to completely take over for the apps, whether joining a different network or using a different device.

I have also placed a conditional access policy to force users to reauthenticate with MFA every 23 hours.

If I can get some help with this, that would be greatly appreciated, as I've also placed in a support ticket.

Microsoft Entra ID