MFA Sign-in User Flow asks to verify by phone for every sign-in

Rhett Thompson 21 Reputation points
2020-08-24T13:46:38.677+00:00

Hello,

I have created a sign-in User Flow that has MFA enabled.
For the most part it is working fine.

It will send a MFA text message to a user who tries to login to verify their identity.

BUT it does this every time a user logs in. It doesn't give an option to remember the device or anything! It instead asks you to re-verify with MFA each time you log in.
With a $0.03 charge for each MFA text, it is unacceptable to require a user to use MFA each time they sign in.

I would like MFA to work like this:
A user only needs to verify with MFA once per month. Then it remembers that user has already verified.
I can't use "Keep me signed in" (KMSI) because many of my users will be on public PCs and must sign out daily.

I have found no way to configure the MFA for Azure B2C at all!
If I switch to the Azure portal in my B2C tenant and try editing the 'Multi-Factor Authentication' service, nothing changes.

I have found this article which states this is a problem with no fix: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/16104154-mfa-remembering-device

Is this still the case? Or has a fix been implemented?

P.S.
I opened an Azure support ticket about this and was informed that there is no way to do this using a User Flow
but it might be possible to configure via custom policies.
Where might I find a template for this custom policy MFA configuration?

Thank you for any help!

Microsoft Entra External ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-08-25T04:04:51.29+00:00

    @Rhett Thompson You can find a custom policy sample for this purpose here, which forces the user to do MFA on 3 conditions, mentioned below:

    • The user has newly signed up
    • The user has not done MFA in the last X seconds (You'll have to convert days into seconds)
    • The user is logging in from a different IP than they last logged in from (For security reasons)

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

1 additional answer

  1. 2020-08-25T01:31:14.507+00:00

    Take a look at the Custom Policy Starter Pack SocialAndLocalAccountsWithMfa template. Especially the PhoneFactor-InputOrVerify technical profile and the Orchestration Steps/Claims Exchanges that reference/call it, some depending on Preconditions (claim exists or claim equals).

    ---
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.
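To make the mechanism both answers refer to concrete, here is an added illustration (not the linked sample and not the starter pack's own file) of how a custom policy orchestration step can skip the phone-factor exchange when MFA was completed recently. It assumes a boolean claim `isActiveMFASession` marking an MFA-completed session and a hypothetical extension attribute `extension_lastMfaTime` holding the timestamp of the user's last successful MFA; the `DateTimeComparison` transformation is taken to mean "firstDateTime plus timeSpanInSeconds, compared with secondDateTime", which is an assumption to verify against the current schema reference. Reading and writing `extension_lastMfaTime` in the Azure AD technical profiles, and the claim type declarations, are left out.

```xml
<!-- Added example, not from the original answers.
     Claim names extension_lastMfaTime and isMfaRecent are hypothetical;
     the 30-day window (2592000 s) is the poster's "once per month" requirement. -->
<ClaimsTransformations>
  <!-- Assumed semantics: result = (extension_lastMfaTime + 30 days) "later than" now.
       secondDateTime is omitted so it defaults to the current time. -->
  <ClaimsTransformation Id="IsMfaWithinWindow" TransformationMethod="DateTimeComparison">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="extension_lastMfaTime" TransformationClaimType="firstDateTime" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="operator" DataType="string" Value="later than" />
      <InputParameter Id="timeSpanInSeconds" DataType="int" Value="2592000" />
    </InputParameters>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="isMfaRecent" TransformationClaimType="result" />
    </OutputClaims>
  </ClaimsTransformation>
</ClaimsTransformations>

<!-- Inside the sign-up/sign-in user journey, after the step that reads the user's
     directory record (so extension_lastMfaTime is already in the claims bag). -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <!-- Skip the phone challenge when this session already completed MFA. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>isActiveMFASession</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <!-- Skip it when the stored timestamp shows MFA within the last 30 days.
         Remove this precondition to force MFA on every sign-in, which is the
         behaviour the built-in user flow exhibits. -->
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>isMfaRecent</Value>
      <Value>True</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <!-- Same technical profile the starter pack uses for SMS verification. -->
    <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
  </ClaimsExchanges>
</OrchestrationStep>
```

The security trade-off is the same one the accepted answer's sample makes: the window is keyed to the user account rather than the device, so on a shared PC the second person to sign in as that user within 30 days is not challenged, which is why the linked sample additionally re-prompts when the source IP changes. The timestamp must be written back to the directory only after `PhoneFactor-InputOrVerify` succeeds, never before, or a failed challenge would open the window.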