Thanks for your post!
The re-prompts could definitely be related to his browser settings. There are a few settings that can cause the prompt to reappear:
1) If he's using an incognito window.
2) If cookies coming from "https://*.microsoftonline.com" are not allowed. In this case he can select "Allow all cookies" in the browser settings to get around this issue.
3) If he has any browser extensions that block cookies (such as ad blocking, privacy plugins, or Visual Ping).
Other possibilities are that the "Don't ask again" setting could be conflicting with Conditional Access settings, AD FS, or modern authentication clients if any of those are configured. The "Don't ask again for X days" feature works only for browser-based apps because it is based on cookies. The user shouldn't be prompted again for MFA from the same browser until the cookie expires. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#how-the-feature-works
The setting is application-specific but the application remembers the device. So if he's switching between devices and apps, this can also occur.
Let me know if this helps.
-
If the information helped you, please Mark the answer. This will help us and other community members as well.