SOLVED

Conditional Access - Require multi-factor authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-123005%22%20slang%3D%22en-US%22%3EConditional%20Access%20-%20Require%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-123005%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20conditional%20access%20policy%20set%20to%20Grant%20with%20MFA%20(among%20others)%20-%20but%20how%20often%20is%20the%20MFA%20challenged%3F%20It's%20not%20on%20each%20login%20-%20so%20it%20once%20a%20day%20or%20just%20once%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ETrent%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20616px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F23295iBF18D3BC968639AA%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22SharePointCApolicy.PNG%22%20title%3D%22SharePointCApolicy.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-123005%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-197195%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20-%20Require%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-197195%22%20slang%3D%22en-US%22%3EI%20have%20posted%20with%20a%20new%20thread.%20Kindly%20help%20it%20out%20as%20the%20customer%20is%20chasing%20to%20know%20about%20this%20query%20and%20whether%20it%20really%20works%20with%20Android%20Devices%20or%20not.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196244%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20-%20Require%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196244%22%20slang%3D%22en-US%22%3Eplease%20post%20this%20as%20a%20new%20thread%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196165%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20-%20Require%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196165%22%20slang%3D%22en-US%22%3E%3CP%3ESuppose%20Let's%20say%20I%20have%20configured%20the%20conditional%20access%20policy%20for%20Android%20Devices%20and%20I%20have%20targeted%20the%20Client%20Apps%20(Exchange%20Online%2C%20OneDrive%2C%20Teams%2C%20Yammer%20and%20Skype)%20and%20I%20have%20also%20enabled%20the%20option%20to%20mark%20the%20device%20as%20a%20trusted%20device%20so%20that%20it%20shouldn't%20come%20with%20the%20token%20(MFA)%20for%20each%20applications.%20I%20want%20to%20know%20for%20Android%20Devices%20whether%20the%20option%20comes%20for%20%3CEM%3E%22don't%20ask%20me%20again%20for%20x%20days%22%3C%2FEM%3E%20when%20we%20configure%20for%20One%20Time%20Password%20and%20MFA%20for%20one%20Application.%20As%20I%20couldn't%20able%20to%20see%20this%20option%20coming%20in%20android%20devices%20and%20it%20keeps%20prompting%20code%20for%20other%20applications%20as%20well.%20Kindly%20see%20the%20screenshot%20for%20the%20same.%20This%20I%20have%20tested%20for%20Windows%20Devices%2C%20iOS%20devices%20and%20it%20is%20smoothly%20working%20without%20asking%20any%20MFA%20for%20other%20apps.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-123434%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20-%20Require%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-123434%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20it's%20set%20to%207%20days.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-123104%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20-%20Require%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-123104%22%20slang%3D%22en-US%22%3E%3CP%3ECheck%20the%20MFA%20Settings%20page%20to%20see%20if%20you%20have%20the%20'remember%20device'%20checkbox%20set.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faccount.activedirectory.windowsazure.com%2FUserManagement%2FMfaSettings.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faccount.activedirectory.windowsazure.com%2FUserManagement%2FMfaSettings.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20415px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F23315iC006646CFF54FEF4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22MFA.jpg%22%20title%3D%22MFA.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi All

 

I have a conditional access policy set to Grant with MFA (among others) - but how often is the MFA challenged? It's not on each login - so it once a day or just once?

 

Thanks

Trent

SharePointCApolicy.PNG

 

 

5 Replies
Highlighted
Best Response confirmed by Trent Queen (Contributor)
Solution

Check the MFA Settings page to see if you have the 'remember device' checkbox set.

https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx

MFA.jpg

Highlighted

Thanks, it's set to 7 days.

 

Highlighted

Suppose Let's say I have configured the conditional access policy for Android Devices and I have targeted the Client Apps (Exchange Online, OneDrive, Teams, Yammer and Skype) and I have also enabled the option to mark the device as a trusted device so that it shouldn't come with the token (MFA) for each applications. I want to know for Android Devices whether the option comes for "don't ask me again for x days" when we configure for One Time Password and MFA for one Application. As I couldn't able to see this option coming in android devices and it keeps prompting code for other applications as well. Kindly see the screenshot for the same. This I have tested for Windows Devices, iOS devices and it is smoothly working without asking any MFA for other apps. 

Highlighted
please post this as a new thread
Highlighted
I have posted with a new thread. Kindly help it out as the customer is chasing to know about this query and whether it really works with Android Devices or not.