Hi @MrEco • Thank you for providing the required information.
By tracking the requests (before and after session revocation) at our backend, I can see that the "MFA for VPN Rxx Winxxxx" conditional access policy with the sign-in frequency of 1 hour is getting applied. In both cases, the user presented a credential authenticated at 4:16:50 PM on May 16, 2022, and the requests were made at 8:03:13 AM and 8:42:57 AM on May 17, 2022. As this was beyond the sign-in frequency window of 1 hour, the credential was ignored. This resulted in the below error:
AADSTS70044: The session has expired or is invalid due to sign-in frequency checks by conditional access.
To resolve the issue, this error needs to be handled by the application and the user should be prompted to get re-authenticated. I would suggest you engage with the application vendor to get this logic added to the application.
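One way an application could recognise this error and fall back to an interactive sign-in, as an added example that is not part of the original answer or any vendor's code. The function names and the JSON body are constructed for illustration; the body assumes the usual Azure AD token-endpoint error shape (`error`, `error_description`, `error_codes`).

```python
import json
import re
from datetime import datetime, timedelta

# AADSTS codes this sketch treats as "start a fresh interactive sign-in".
# 70044 is the code quoted in the answer above.
REAUTH_CODES = {70044}

# Constructed sample error body (assumed shape, not captured traffic).
SAMPLE_BODY = json.dumps({
    "error": "invalid_grant",  # assumed value for this sample
    "error_description": "AADSTS70044: The session has expired or is invalid "
                         "due to sign-in frequency checks by conditional access.",
    "error_codes": [70044],
})

# Timestamps and window taken from the answer above.
WINDOW = timedelta(hours=1)
AUTH_TIME = datetime(2022, 5, 16, 16, 16, 50)
REQUESTS = [datetime(2022, 5, 17, 8, 3, 13), datetime(2022, 5, 17, 8, 42, 57)]


def aadsts_codes(body):
    """Return the set of AADSTS codes found in an error body, or an empty set."""
    try:
        doc = json.loads(body)
    except ValueError:
        return set()  # proxy error page or other non-JSON body
    if not isinstance(doc, dict):
        return set()
    codes = {int(c) for c in doc.get("error_codes", []) if str(c).isdigit()}
    # Fall back to the description text in case error_codes is absent.
    desc = str(doc.get("error_description", ""))
    codes |= {int(m) for m in re.findall(r"AADSTS(\d+)", desc)}
    return codes


def needs_interactive_reauth(status, body):
    """True when a failed token request should lead to a new user sign-in."""
    return status >= 400 and bool(aadsts_codes(body) & REAUTH_CODES)


def outside_signin_frequency(auth_time, request_time, window=WINDOW):
    """True when the credential is older than the sign-in frequency window."""
    return request_time - auth_time > window


if __name__ == "__main__":
    print("re-authenticate:", needs_interactive_reauth(400, SAMPLE_BODY))
    for r in REQUESTS:
        print(r, "outside window:", outside_signin_frequency(AUTH_TIME, r))
```

Silent retries with the same cached credential will keep failing on this code; the application has to send the user through sign-in again so the authentication time is refreshed.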