dogowar

Reputation: 147

How to enforce an MFA session expiry after 24 hours

Azure AD MFA newbie here. I have been asked to come up with an MFA configuration based on a set of business rules.

One business rule is: MFA sessions will expire after 24hrs or PC shutdown, whichever comes first.

To enforce the 'expire after 24hrs' part of the business rule, I propose setting [remember multi-factor authentication > Days before a device must re-authenticate] to 1 day, and not enabling [Allow users to remember multi-factor authentication on devices they trust]. Does this sound like the correct approach?

I cannot find anywhere to enforce MFA after a PC shutdown. Is there anything like that available?

Thank you for any advice.

Upvotes: 2

Views: 3519

Answers (1)

Marilee Turscak - MSFT

Reputation: 7728

For remembered devices, you should be able to configure the Days before a device must re-authenticate. This option lets users who have successfully authenticated through multi-factor authentication avoid future multi-factor authentication prompts for the next 1–60 days, depending on the value that's configured.


Upvotes: 2
