172 votes · 25 comments · Azure Active Directory » Multi-factor Authentication · Admin →
We are reviewing the option to use App Password with MFA enforced by Conditional Access. We strongly recommend using modern authentication, if possible, which removes the need for App Passwords.
Dan supported this idea
299 votes · 22 comments · Azure Active Directory » Multi-factor Authentication · Admin →
We are currently considering updating the Remember MFA settings. You can use Conditional Access Sign-in frequency policy to extend the session lifetime up to 365 days.
Dan commented
The expiration of a registered device is like that of passwords. The industry has found that regularly expiring passwords is in fact less secure and so it is probably a matter of time before something like this is recognized in the same light.
That said, I think the existing option is to leverage Intune and the Conditional Access method of enforcing MFA. We have been piloting Azure MFA enforced by Conditional Access for the past few months and this question has come up as the user experience was a concern. It has been difficult to explain to users why they get multiple MFA challenges on a single device. Luckily, we were evaluating Intune at the same time and plan to head that direction.