Forum Discussion
Changes in how MFA frequency is Determined?
Recently a couple of my users began reporting a significant increase in the frequency in which they are required to re-authenticate. When prompted for 'Stay Signed In', they respond 'yes'. Despite this, they are being asked to sign-in much more frequently than our policy states.
I don't believe we have changed any relevant policy parameters, and so has anything changed in how sign-in frequency is determined?
- Have you validated the CA policies for session sign in frequency?
- Yes it was the first thing I checked.
- If you are confident that there is nothing in the policies that may be causing this then the next logical step would be to open a case with MS. This sounds like an issue with the PRT in your tenant.
- Hi,
A lot of people are currently experiencing a similar issue with SSO.
It might be due to the fact that Microsoft is after changing the Windows Single sign on experience. In order to be compliant with the Digital Markets Act (DMA) within the European Economic Area (EEA), Microsoft has started altering how Windows operates to align with global regulations like the DMA. One significant change involves the sign-in process for apps on Windows.
If you look at the sign-in logs for the users and see error code 9002341 or similar with the failure reason being "User is required to permit SSO", have a read through my blog post below.
https://www.welkasworld.com/post/tackling-mfa-fatigue-a-solution-for-sign-in-error-code-9002341-user-is-required-to-permit-sso
Hopefully this helps.
