Why you’d want to move away from ‘Allow users to remember MFA on devices they trust’Īs documented by Microsoft in its Optimize reauthentication prompts and understand session lifetime for Azure Multi-Factor Authentication page, this setting can have negative side-effects through its persistent cookie: Often, the setting is set at 14 days, as seen in the above screenshot. ![]() ![]() I see many organizations using this option, believing that it helps their people with less authentication prompts. Today I want to talk about the ‘ Allow users to remember multi-factor authentication on devices they trust’ option, that allows administrator to specify a number of ‘ Days before a device must re-authenticate (1-60):’ ![]() Last month, I made the case to move from per-user MFA to Conditional Access to leave behind the remnants of the PhoneFactor infrastructure, presented as old pages linked to from the Azure Portal.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |