Aug 17 2023 04:06 PM - edited Aug 17 2023 06:44 PM
Hi All,
Testing:
- Passwordless (Phone Sign-in baseline)
- Sign in Frequency (Shorter than tenant setting)
- Desktops are hybrid, receiving their PRT but do not use WH4B
- Tenant still has Remember Trusted device for X Days enabled
I'm seeing some strange behavior where Azure AD is showing the MFA claim has expired when trying to access web portals (Auth loops, webapp access issues (Outlook fine but not Teams), error messages). If I revoke the session completely and re-login to the native app pop-ups, things are fine again for a while. If the user closes the native auth window, the native apps limp along even with the MFA claim issue within the browser but the webapps are still broken. WebApps continue to SSO in with the token in this state.
Research indicates that it might be the tenant-wide remember trusted device settings, although I am not in a position to disable this global setting until after the test deployment. Disabling the SIF seems to resolve the MFA claim expiry immediately; I'll check in a few days to see if that is still the case, as it'd be outside the trusted device setting interval too.
I have a support request at the moment with the advice to enable persistent browser sessions, which I'll test but don't think that is the core of the issue. Is there a way around this? Have others had similar issues?
Thanks!
Sep 08 2023 01:33 PM
Sep 08 2023 02:15 PM
@anday unfortunately not, still pushing the ticket but nothing meaningful just yet
Sep 10 2023 04:40 PM