Sign-in Frequency (and keep me signed-in) not working with Conditional Access MFA

%3CLINGO-SUB%20id%3D%22lingo-sub-1799955%22%20slang%3D%22en-US%22%3ESign-in%20Frequency%20(and%20keep%20me%20signed-in)%20not%20working%20with%20Conditional%20Access%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1799955%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%2C%20I%20need%20help%20on%20this!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20MFA%20through%20Azure%20Conditional%20Access%20was%20setup%20in%20our%20environment%20and%20intent%20was%20for%20the%20MFA%2FSign-in%2FSession%20token%20to%20be%20available%20for%20a%20set%20numbers%20of%20days%20until%20expiry%20and%20users%20will%20be%20forced%20to%20sign-in%20or%20MFA-in%20after%20set%20days.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20this%20seems%20not%20to%20be%20working%20for%20all%20users%20(except%20just%20few%20users)%20get%20this%20action...and%20the%20setup%20involved%20using%20the%20'sign-in%20frequency'%20setup.%20Hence%2C%20token%20doesn't%20expire%20and%20does%20not%20require%20users%20to%20re-validate%20the%20log-on%20sessions.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anything%20that%20may%20have%20been%20missed%20out%20with%20the%20setup%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1799955%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20%26amp%3B%20Access%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Defender%20for%20Office%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hi,

 

Please, I need help on this!

 

So MFA through Azure Conditional Access was setup in our environment and intent was for the MFA/Sign-in/Session token to be available for a set numbers of days until expiry and users will be forced to sign-in or MFA-in after set days.

 

However, this seems not to be working for all users (except just few users) get this action...and the setup involved using the 'sign-in frequency' setup. Hence, token doesn't expire and does not require users to re-validate the log-on sessions.

 

Is there anything that may have been missed out with the setup?

 

Thanks.

0 Replies