
0 Votes
NattawutTeerajarukul asked NattawutTeerajarukul published

Can User sign-in frequency prompt MFA only?

I already use Conditional Access via this guide: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
User sign-in frequency is set to 1 hour.
Every 1 hour the user is prompted to sign in and MFA again.

But the customer needs to prompt only for MFA (bypass password) when the session has expired.
Can I configure the sign-in frequency policy to bypass the password but prompt for MFA only?

azure-ad-multi-factor-authentication azure-ad-conditional-access

1 Answer

0 Votes
marcogerber answered NattawutTeerajarukul published

Hi @NattawutTeerajarukul, according to this docs article this behaviour is by design, therefore a full re-auth is triggered using sign-in frequency: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime#user-sign-in-frequency-and-multi-factor-authentication

Maybe you could solve the challenge with Conditional Access policies which trigger MFA when accessing a certain cloud app or by other conditions.
