Forum Discussion

Brass Contributor

Aug 25, 2019

Solved

MFA prompt frequency

I was reading through here and trying to figure out when my users will be prompted to re-authorize within their Outlooks as in the link below it seems like as long as they are using their existing co...

admin

office 365

VasilMichev
Aug 26, 2019
Generally speaking, yes. The token can expire in the event of password change, or if revoked by admins.

VasilMichev

MVP

Aug 26, 2019

"Once every 90 days" is for the scenario when you don't use the application continuously. If you do, the token is renewed automatically, and unless something like a password change occurs it will never prompt for creds. Since multi-factor auth is considered more secure, for it the 90 days inactive period doesn't apply, and it is now indefinite. More details for example here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

PS_83

Brass Contributor

Aug 26, 2019

I went through that the other day but it wasn't clear to me. Our users pretty much have Outlook open 24/7 365 so does that mean they won't need to re-authorize ever unless they get a new device or I need to make them a new outlook profile?

VasilMichev
MVP
Aug 26, 2019
Generally speaking, yes. The token can expire in the event of password change, or if revoked by admins.
- ChrisWebbTech
  MVP
  Aug 26, 2019
  Do you know if the tokens auto expire in the event of account disable? Going to assume so. But wondering if you have to go in and manually revoke tokens or not on an account termination, or what quickest way to assure lock out of data access.
  - VasilMichev
    MVP
    Aug 27, 2019
    They do not, but yeah you can revoke them as part of the "deprovisioning" workflow.