Forum Discussion
skywalker98
Mar 25, 2022 | Copper Contributor
Conditional Access - Persistent browser session and LastPass SSO
Hey everyone. Our customer has Azure AD connected devices that are set up with Intune. We also have SSO set up for LastPass, which works without any issues. Now the customer wants to enable ...
skywalker98
Mar 28, 2022 | Copper Contributor
joeyvldn Thanks for your reply!
Most users log in to Windows with their O365 user and password. Only 1 user has WHfB enabled.
Here is how my CA policy for browser sign-ins is configured:
- Cloud apps or actions: All cloud apps
- Conditions: Client apps -> Browser
- Grant: Require multi-factor authentication
- Session: Persistent browser session -> Never persistent
The Azure AD sign-in log tells me that the conditional access policy is applied.
The auth method says "Previously satisfied" and the result is "satisfied by claim in the token".
joeyvldn
Mar 28, 2022 | Brass Contributor
Hi skywalker98,
Is this the user who is using WHfB? Check previous sign-in logs to determine which sign-in was prompted for MFA. If not, is per-user MFA configured as enforced for this user?
I would recommend focusing on implementing WHfB. Windows sign-ins with WHfB are automatically protected by MFA and thus portal.office.com would be flagged as "previously satisfied".
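The log check suggested in the reply above (find which earlier sign-in was actually prompted for MFA when a later one shows "Previously satisfied"), as an added example that is not part of the thread. The records are constructed, and the field names are assumptions modelled on the Microsoft Graph signIn resource; `trace_mfa_origin` and the helper names are hypothetical.

```python
from datetime import datetime

REUSED = "Previously satisfied"  # auth method shown when an MFA claim is reused
PASSWORD = "Password"            # first factor only, never counts as MFA

def _rec(time, user, app, *methods):
    # Build one constructed sign-in record (assumed field names, see lead-in).
    return {"createdDateTime": time, "userPrincipalName": user, "appDisplayName": app,
            "authenticationDetails": [{"authenticationMethod": m, "succeeded": True}
                                      for m in methods]}

SIGN_INS = [  # constructed sample data, deliberately out of order
    _rec("2022-03-28T09:15:42Z", "user1@example.com", "LastPass", REUSED),
    _rec("2022-03-28T07:02:11Z", "user1@example.com", "Windows Sign In",
         "Windows Hello for Business"),
    _rec("2022-03-28T10:00:30Z", "user2@example.com", "LastPass", REUSED),
    _rec("2022-03-28T08:30:00Z", "user2@example.com", "Office portal",
         PASSWORD, "Mobile app notification"),
    _rec("2022-03-28T09:40:05Z", "user3@example.com", "LastPass", REUSED),
]

def _ts(rec):
    return datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")

def fresh_second_factor(rec):
    """Return the method of a successful step that is neither a password nor a reused claim."""
    for step in rec["authenticationDetails"]:
        if step["succeeded"] and step["authenticationMethod"] not in (PASSWORD, REUSED):
            return step["authenticationMethod"]
    return None

def trace_mfa_origin(sign_ins):
    """Map each reused-claim sign-in to the user's latest earlier sign-in with a real second factor."""
    last_fresh, findings = {}, []
    for rec in sorted(sign_ins, key=_ts):
        user, method = rec["userPrincipalName"], fresh_second_factor(rec)
        if method:
            last_fresh[user] = (rec, method)
        elif any(s["authenticationMethod"] == REUSED for s in rec["authenticationDetails"]):
            origin, origin_method = last_fresh.get(user, (None, None))
            findings.append({
                "user": user, "app": rec["appDisplayName"], "time": rec["createdDateTime"],
                "origin_app": origin["appDisplayName"] if origin else None,
                "origin_time": origin["createdDateTime"] if origin else None,
                "origin_method": origin_method,  # None: claim predates the exported window
            })
    return findings

if __name__ == "__main__":
    for finding in trace_mfa_origin(SIGN_INS):
        print(finding)
```

An `origin_method` of `None` means the MFA that produced the claim happened before the exported log window, so a wider time range is needed to find it.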