![]() It is stored in the MFA service settings. This setting is also not that easy to find. When you prompt your user for MFA, there is another setting that is coming into the picture. The Azure AD default for browser session persistence allows users on personal devices to choose whether to persist the session by showing a “Stay signed in?” prompt after successful authentication. This will create a persistent cookie on the endpoint, so the users’ session is stored. This doesn’t change Azure AD session lifetime but allows sessions to remain active when users close and reopen their browser. The Azure AD sign-in flow gives users the option to remain signed in until they explicitly sign out. You can configure this setting in the company branding section under Azure Active Directory -> Company Branding This setting is not easy to find but has a major impact on the user experience. ![]() So, think twice when you consider tuning these settings. When users are used to entering credentials as a routine, they are more like going to fall for phishing attacks. Prompting your users for credentials or MFA more often does not mean that you are more secure. ![]() When organizations deploy MFA, there is one question that always comes back: “how often should we prompt our users for MFA?” These questions are mostly based on gut feeling. During that time, you are not prompted for your password, assuming that is it not changed over time. Once you logged in to Office 365, your session can be re-used for 90 days. ![]() When you leave every setting to default, the user experience is pretty good. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. Session lifetime in Azure AD is often mistaken. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Today a short blog about MFA prompts, session lifetime, and cookies.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |