Forum Discussion
Conditional Access - Users have to authenticate themselves frequently
Hello,
I am assessing my company's Azure AD conditional access. It was set up by somebody else before me and there's no documentation. Long story short: our normal users (without any admin access) have complained that they have to sign back in to their Azure portal/D365 on browsers very often. When I look at the CA policies for session control, I see that there is one policy that requires MFA for all users and also has sign-in frequency set to 14 days. Also, there's another policy for privileged users enforcing MFA where sign-in frequency is set to 1 day and persistent browser session is set to 'Never'. If I understand this correctly, our normal users should only have to sign in again in their browser every 14 days, but why is it that they have to authenticate themselves multiple times a day?
Any advice would be appreciated.
2 Replies
- JosvanderVaart, Iron Contributor
Hi ITrobot215,
Perhaps Idle session timeout is enabled. Have seen strange gred behavior more often when this feature is used. You can check this in the M365 admin center > Org settings > Security & privacy.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
- MatejKlemencic, Brass Contributor
Hi ITrobot215,
Firstly, I suggest conducting a test using the What If tool for Conditional Access: https://learn.microsoft.com/en-us/entra/identity/conditional-access/what-if-tool
This will help you identify the policies affecting users experiencing sign-in frequency issues. There's a possibility that your policy intended for privileged users is also being applied to standard users due to a specific condition.
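
The scoping problem described in the last reply, as an added example that is not part of the thread or of either reply: given policies shaped like Microsoft Graph `conditionalAccessPolicy` objects, it lists every enabled policy with session controls whose user conditions match a given account. The policy names, group IDs and user are constructed placeholders, and only user, group and role conditions are evaluated (apps, platforms and locations are ignored), so it does not replace the What If tool.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
# Policy names, group IDs and the user are placeholders, not values from the thread.
POLICIES = [
    {"displayName": "MFA - all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "value": 14, "type": "days"}}},
    {"displayName": "MFA - privileged", "state": "enabled",
     "conditions": {"users": {"includeGroups": ["grp-portal-admins"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "value": 1, "type": "days"},
                         "persistentBrowser": {"isEnabled": True, "mode": "never"}}},
]
STANDARD_USER = {"id": "user-standard-01", "roles": [],
                 "groups": ["grp-d365-users", "grp-portal-admins"]}  # stray membership

def in_scope(policy, user):
    """True if the policy's user conditions include the user and do not exclude them."""
    cond = policy["conditions"]["users"]
    ids = {"Users": {user["id"]}, "Groups": set(user["groups"]), "Roles": set(user["roles"])}

    def hit(prefix):
        # Any overlap between the user's identifiers and the include*/exclude* lists.
        return any(ids[kind] & set(cond.get(prefix + kind) or []) for kind in ids)

    included = "All" in (cond.get("includeUsers") or []) or hit("include")
    return included and not hit("exclude")

def session_policies(policies, user):
    """Enabled, in-scope policies that set a session control: (name, frequency, browser mode)."""
    found = []
    for p in policies:
        if p["state"] != "enabled" or not in_scope(p, user):
            continue
        controls = p.get("sessionControls") or {}
        sif = controls.get("signInFrequency") or {}
        pb = controls.get("persistentBrowser") or {}
        freq = f'{sif["value"]} {sif["type"]}' if sif.get("isEnabled") else None
        mode = pb.get("mode") if pb.get("isEnabled") else None
        if freq or mode:
            found.append((p["displayName"], freq, mode))
    return found

if __name__ == "__main__":
    for name, freq, mode in session_policies(POLICIES, STANDARD_USER):
        print(f"{name}: sign-in frequency={freq}, persistent browser={mode}")
```

A standard user who shows up under more than one policy here is a candidate for the overlap the reply suggests checking.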