Last month, I made the case to move from per-user MFA to Conditional Access to leave behind the remnants of the PhoneFactor infrastructure, presented as old pages linked to from the Azure Portal.

Today I want to talk about the ‘Allow users to remember multi-factor authentication on devices they trust’ option, which allows administrators to specify a number of ‘Days before a device must re-authenticate (1-60):’.

I see many organizations using this option, believing that it helps their people with fewer authentication prompts. Often, the setting is set at 14 days, as seen in the above screenshot.

Why you’d want to move away from ‘Allow users to remember MFA on devices they trust’

As documented by Microsoft in its Optimize reauthentication prompts and understand session lifetime for Azure Multi-Factor Authentication page, this setting can have negative side-effects through its persistent cookie:

- It overrides the ‘Keep me signed in’ (KMSI) setting in Company Branding.
- It overrides the default behavior for modern authentication clients (like Microsoft Outlook), which only prompt every 90 days, by default. Therefore, it prompts for re-authentication more often than when the setting is not configured.

Conditional Access is fast becoming the one-stop-shop for all Microsoft Cloud authorization decisions.

Switching from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access allows Azure AD admins to:

- Set persistent cookies per Microsoft Cloud application, Azure AD-integrated application and Azure AD Application Proxy-published application, allowing for fine-grained ‘Remember multi-factor authentication’ settings.
- Leave the ‘Keep me signed in’ (KMSI) world behind, where people in the organization need to tick the box themselves at the Stay signed-in? screen. Now, an admin controls this behavior centrally.

Why you might not want to make the switch
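For the move from the tenant-wide ‘remember MFA’ setting to Conditional Access argued for above, the following is an added example, not code from the original post: a Microsoft Graph PowerShell sketch that creates a report-only Conditional Access policy with session controls. The policy name, the 14-day value (taken from the setting mentioned in the post), the all-cloud-apps scope and the emergency-access account placeholder are assumptions.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph module.
# Assumption: replace the placeholder with the object ID of an emergency-access account.
$breakGlassId = '<object-id-of-emergency-access-account>'
if ($breakGlassId -notmatch '^[0-9a-fA-F-]{36}$') {
    throw 'Set $breakGlassId to a real object ID before running.'
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName = 'EXAMPLE - MFA with admin-controlled session lifetime'  # hypothetical name
    # Report-only: the policy is evaluated and logged, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        # Assumption: scoped to all cloud apps. List application IDs here
        # instead to give individual applications their own sign-in frequency.
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
    sessionControls = @{
        # Replaces 'Days before a device must re-authenticate'.
        signInFrequency   = @{ isEnabled = $true; type = 'days'; value = 14 }
        # Replaces the user-ticked 'Stay signed in?' (KMSI) choice.
        persistentBrowser = @{ isEnabled = $true; mode = 'always' }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and show the session controls that were stored.
$stored = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$stored | Select-Object DisplayName, State
$stored.SessionControls.SignInFrequency   | Format-List IsEnabled, Type, Value
$stored.SessionControls.PersistentBrowser | Format-List IsEnabled, Mode
```

Review the report-only results in the sign-in logs before changing `state` to `enabled`.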