Forum Discussion
Conditional Access Policy will not save "Validating Policy"
- Mar 24, 2021
Tomnibus_MedOne Yes, it started working for me as well yesterday, with no intervention required.
In fact, I haven't even heard back from Microsoft Support yet, despite opening the case 6 days ago and sending a chasing email a day or two ago.
- Tomnibus_MedOne Mar 17, 2021 Brass Contributor
BTW, I just tried setting it to 45 days and it still won't save.
- ChristianBergstrom Mar 17, 2021 Silver Contributor
Hi, well the 90 days was something that just popped to mind, so I had to put it out there. As to why it is not saving your settings, I think it's better if I just link this for guidance.
https://dirteam.com/sander/2020/06/17/todo-move-from-the-allow-users-to-remember-multi-factor-authentication-on-devices-they-trust-option-to-conditional-access/
And for reference
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
- Tomnibus_MedOne Mar 17, 2021 Brass Contributor
I read the two reference links before. From what your dirteam.com link suggests, they are advocating that the remember device is not to be used. But it also suggests you can enable the session sign-in frequency along with MFA (mostly from the comments), but that isn't working for me. It won't enable it. But it sounds like unless I want to reduce it from 90 days, I don't need it.
- Tomnibus_MedOne Mar 17, 2021 Brass Contributor
So, when using MFA, how do I get it to add the prompt "Remember this device for X days" option? Because under "Remember multi-factor authentication on trusted device" setting it tells me to use Conditional Access:
NOTE: For the optimal user experience, we recommend using Conditional Access sign-in frequency to extend session lifetimes on trusted devices, locations, or low-risk sessions as an alternative to ‘Remember MFA on a trusted device’ settings. If using 'Remember MFA on a trusted device,' be sure to extend the duration to 90 or more days. Learn more about reauthentication prompts.
So, I should enable it in trusted device? Or require MFA with each login when outside my network?