Forum Discussion
Re: Conditional Access - Persistent browser session and LastPass SSO
joeyvldn Thanks for your reply!
Most users log in to Windows with their O365 user and password. Only 1 user has WHfB enabled.
Here is how my CA policy for browser sign-ins is configured:
- Cloud apps or actions: All cloud apps
- Conditions: Client apps -> Browser
- Grant: Require multi-factor authentication
- Session: Persistent browser session -> Never persistent
The Azure AD sign-in log tells me that the conditional access policy is applied.
The auth method says "Previously satisfied" and the result is "satisfied by claim in the token".
1 Reply
- Hi skywalker98,
Is this the user who is using WHfB? Check previous sign-in logs to determine which sign-in was prompted for MFA. If not. Is the Per-user MFA configured as enforced for this user?
I would recommend to focus on implementing WHfB. Windows sign-ins with WHfB are automatically protected by MFA and thus portal.office.com would be flagged as "previously satisfied".
