Ruben-7465 asked ·

How to use conditional access with a (very) slow internet connection?

Hi all,

I am currently encountering a situation where we are rolling out conditional access. This is going well, but we have one group of users that have very slow (satellite) internet. The internet is so slow that users tend to miss the expiration deadline for MFA codes.

I was wondering if there are minimum internet requirements for rolling out conditional access in the docs somewhere?

Also, if we assume that speeding up the internet is not a solution, is it possible to somehow increase the expiration time for an MFA token? Or to allow more than only the current MFA token?
Of course this will decrease security a little bit, but it will give the user more time.

If there are other suggestions for solving this problem, I am also open to them. We are currently also considering Intune for trusted devices and IP ranges. But I would like to hear other perspectives.

azure-ad-conditional-access

1 Answer

MarileeTurscak answered ·

Hi Ruben,

For one-way SMS with Azure MFA in the cloud (including the AD FS adapter or the Network Policy Server extension), you cannot configure the timeout setting. Azure AD stores the verification code for 180 seconds. https://docs.microsoft.com/en-us/azure/active-directory/authentication/multi-factor-authentication-faq

Aside from improving the connection itself, there are some potential solutions I can think of:

You can set "remember MFA" for trusted devices so that users aren't prompted and don't have to go through this as frequently.

If you are using Phone MFA you can adjust the timeout by adding a recording. One way to do this as a workaround is to record a message that is 18+ seconds long and upload it as "Greeting(Standard)." This will push the timeout long enough for it to route through the phone system and have enough time to press # to verify. See instructions here: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next#custom-voice-messages


I don't think there is any documented minimum speed requirement but it would just need to allow the user to authenticate within the timeframe.


Hi Marilee,

Thanks for the quick response. I forgot to mention that there is no cellular connectivity for mobile phones, so we are using the authenticator app. Are there ways to increase that verification time?
