Forum Discussion
Remember MFA between AVD hosts
For extra security, users need to use their MFA when logging in to some websites, even inside the AVD environment. They are allowed to select the "do not prompt mfa for x days" box. However, the moment they get a new host assigned they are required to log in via MFA again. Is there a way to centrally store the cookies that make sure the user isn't asked for MFA again on all the hosts in the pool? I tried redirecting the cookies in \AppData\Local\Microsoft\Edge\User Data but this did not work.
- MathieuVandenHautte (Steel Contributor)
Hi raymonvt,
I suppose you are only referring to interactive sign-ins to Microsoft cloud apps (via the browser)?
If your AVD environment is using a fixed public IP address, then you could add this IP address to the named (trusted) locations and use conditional access policies to exclude these locations from the MFA requirement for users. https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition
Please note that authentication is not only managed by cookies but also by access and refresh tokens.