Is it possible to Uncheck by default the "Don't ask again for X days"

Hello,

We are setting up MFA with Microsoft 365 Standard licences, so we do not have lots of options. Still, is it possible to uncheck the option to remember the device by default, so the user has to check it if needed?

Thank you


5 Replies
Hi, if you uncheck the option in the main configuration, you will get this:

Note: disabling this feature means that all users will be required to sign in using Multi-Factor Authentication, even if signing in from a previously-remembered device.

You should use Conditional Access to have more options.

Hi, you are talking about service configuration - I do want to let users remember the device for 90 days, but I do not want this option to be checked as default when they are logging in...

It's not possible, simply because they need to define for the first time what their trusted device is, and checking the box marks the device as trusted.
See the part of the documentation below

Mark a device as trusted
After you enable the remember Multi-Factor Authentication feature, users can mark a device as trusted when they sign in by selecting the option for Don't ask again.

And the reference: https://docs.microsoft.com/EN-US/azure/active-directory/authentication/howto-mfa-mfasettings

I understand that. I want them to check trusted device (that is perfectly fine). But right now they have to uncheck untrusted devices. So is it possible to set up the default value "Uncheck" so users have to "Check"?

In my opinion it's not possible, since this option doesn't exist in either the MFA service settings or the MFA user settings. They are supposed to authenticate with their corporate devices or the device that they plan to use for work. They can still disable their device and disconnect from all if there is a risk identified or a loss.