Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings.

Session lifetime in Azure AD is often misunderstood. When you start working with Azure AD, Conditional Access, and multi-factor authentication, there are a couple of things you should know. When you leave every setting at its default, the user experience is pretty good. Once you have logged in to Office 365, your session can be re-used for 90 days. During that time, you are not prompted for your password, assuming that it is not changed over time.

When organizations deploy MFA, there is one question that always comes back: "How often should we prompt our users for MFA?" These questions are mostly based on gut feeling. Prompting your users for credentials or MFA more often does not mean that you are more secure. When users are used to entering credentials as a routine, they are more likely to fall for phishing attacks. So, think twice when you consider tuning these settings.

The Azure AD sign-in flow gives users the option to remain signed in until they explicitly sign out. You can configure this setting in the company branding section under Azure Active Directory -> Company Branding. This setting is not easy to find but has a major impact on the user experience.