Frequent MFA Request

34788110 10 Reputation points
2023-04-24T14:02:15.1233333+00:00

Hello, I've set up MFA for my entire using conditional access, with a sign-in frequency of 2 weeks. The device-level 365 applications work fine with this policy, but we are continuously prompted on Office 365 web applications. Typically this request ranges from once every day to multiple times throughout the day on a web browser. I've tried to enable a persistent browser as well, and that doesn't help the issue. Any assistance would be appreciated.


3 answers

  1. RevelinoB 3,345 Reputation points
    2023-04-24T14:20:16.7266667+00:00

    @34788110 I think when you have set up MFA for your entire organization using conditional access and are experiencing continuous prompts on Office 365 web applications, there are a few things you can try to resolve the issue:

    1. Check the session timeout settings: If the session timeout settings for the web applications are set too low, users may be prompted for MFA more frequently than desired. Check the session timeout settings and increase them if necessary.
    2. Use a supported browser: Ensure that the web browser being used is supported by Office 365 and meets the recommended system requirements. Microsoft recommends using the latest version of Microsoft Edge, Google Chrome, or Mozilla Firefox.
    3. Disable browser extensions: Some browser extensions may interfere with the MFA process and cause issues with Office 365 web applications. Try disabling all browser extensions and see if the issue persists.
    4. Clear browser cache and cookies: Clearing the browser cache and cookies can sometimes resolve issues with Office 365 web applications.
    5. Try using a different browser: If the issue persists, try using a different web browser to see if the issue is specific to the original browser being used.

    It's also worth noting that the sign-in frequency set in conditional access policies only applies to sign-ins from untrusted devices or locations. If a user is continuously prompted for MFA on a trusted device or location, it may indicate an issue with the device or browser being used.
    1 person found this answer helpful.

  2. Konstantinos Passadis 19,161 Reputation points MVP
    2023-04-24T14:11:37.57+00:00

    Hello @Tynisha Robinson!

    It sounds like the issue may be related to how the browser is handling cookies and/or sessions. When MFA is enabled, the user needs to authenticate more frequently to access Office 365 web applications. This is because the session tokens are short-lived, and when they expire, the user needs to authenticate again.

    One thing you could try is to make sure that your browser is configured to allow cookies and that it is not set to clear cookies after each session. You can also try clearing your browser cache and cookies and see if that helps.

    Another possible solution is to use a different browser or try using a private browsing mode. This can sometimes help to resolve issues related to persistent authentication.

    If the issue persists, you may want to consider opening a support case with Microsoft to see if there are any known issues with the specific browser you are using or if there are any other solutions available.

    Also: A persistent browser session allows users to remain signed in after closing and reopening their browser window.

    • This setting works correctly when "All cloud apps" are selected.
    • This does not affect token lifetimes or the sign-in frequency setting.
    • This will override the "Show option to stay signed in" policy in Company Branding.
    • "Never persistent" will override any persistent SSO claims passed in from federated authentication services.
    • "Never persistent" will prevent SSO on mobile devices across applications and between applications and the user's mobile browser.

    I would suggest the implementation of SSO for your applications: https://learn.microsoft.com/en-US/azure/active-directory/manage-apps/secure-hybrid-access#single-sign-on-and-multi-factor-authentication

    In case this helped, kindly mark the answer as Accepted! BR
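Added example, not part of the thread or of any answer: a small audit over exported Conditional Access policies that flags the two session-control conditions raised above, persistent browser configured on a policy that does not target "All cloud apps", and enabled policies that set different sign-in frequencies. The dictionary layout follows Microsoft Graph's conditionalAccessPolicy resource; the policy names and values in `SAMPLE_POLICIES` are constructed for illustration.

```python
# Added example: audit session controls in exported Conditional Access policies.
# The dict layout follows Microsoft Graph's conditionalAccessPolicy resource;
# SAMPLE_POLICIES is constructed for illustration, not taken from the thread.
SAMPLE_POLICIES = [
    {"displayName": "MFA all users", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "sessionControls": {
         "signInFrequency": {"isEnabled": True, "type": "days", "value": 14},
         "persistentBrowser": None}},
    {"displayName": "Office 365 browser session", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["Office365"]}},
     "sessionControls": {
         "signInFrequency": {"isEnabled": True, "type": "hours", "value": 8},
         "persistentBrowser": {"isEnabled": True, "mode": "always"}}},
    {"displayName": "Old pilot", "state": "disabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "sessionControls": {
         "signInFrequency": {"isEnabled": True, "type": "hours", "value": 1}}},
]

def audit_session_controls(policies):
    """Return review findings for the session controls of enabled policies."""
    findings, frequencies = [], {}
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled and report-only policies do not enforce prompts
        name = p["displayName"]
        apps = p["conditions"]["applications"].get("includeApplications", [])
        sc = p.get("sessionControls") or {}
        sif = sc.get("signInFrequency") or {}
        if sif.get("isEnabled") and sif.get("value"):
            # Normalise days/hours to hours so policies can be compared.
            frequencies[name] = sif["value"] * (24 if sif["type"] == "days" else 1)
        pb = sc.get("persistentBrowser") or {}
        if pb.get("isEnabled") and apps != ["All"]:
            findings.append(f"{name}: persistent browser '{pb['mode']}' "
                            "set without targeting All cloud apps")
    if len(set(frequencies.values())) > 1:
        detail = ", ".join(f"{n}={h}h" for n, h in sorted(frequencies.items()))
        findings.append(f"differing sign-in frequencies: {detail}")
    return findings

if __name__ == "__main__":
    for line in audit_session_controls(SAMPLE_POLICIES):
        print(line)
```
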

  3. Robin Ganderton 41 Reputation points
    2024-07-19T17:52:00.2766667+00:00

    Any answers that work?

    So, I have to use MFA every time I open Edge. Not to sign into any device or application, just Edge. Edge requires I use MFA every time (any machine); the painful part is Edge. Simply opening Edge requires MFA, even though I am already signed in to all the apps.

    Suggestions?

    (I have removed Edge and reinstalled it, as well as all the other browsers, cleaned caches, and all the basics.)

