I already use Conditional Access via this guide. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
user sign-in frequency is set to 1 hour.
every 1 hour the user is prompt to sign in and MFA again.
But customer need prompt only MFA (bypass password) when session expired.
Can configure sign-in frequency policy for bypass password but prompt MFA only?