johos
Copper Contributor
Aug 29, 2022

Session - Sign-in frequency best practice

I am looking for any best practice when it comes to how often we should prompt users to sign in again and also validate with the help of MFA.

I cannot find any documentation that suggests how we should use the sign-in frequency for both regular users and privileged users.

Please guide me in the right path 🙂

6 Replies

    • johos
      Copper Contributor
      Thank you for the response @Christian. I am fully aware of the default configuration. How would you suggest building a business use case?

      I have been trying to look into different ISO standards but cannot find any documentation pointing out how often users should get prompted for MFA, especially administrators.

      Do you have any personal recommendations?

      I am currently doing some research for my organisation, and from my experience I would like to set the sign-in frequency to:

      9h (1 work-day) for privileged roles
      5 days for regular users (regular work-week); this would also regulate itself back to Mondays if there were to be a holiday at the beginning of the week.
      • You should involve your business here. Not sure it will be well received if you make it mandatory with such a short interval for regular users. Sounds as if you're in a highly regulated environment.
