Trouble with MFA Prompts on Macbook for AVD Users

So, just to clarify, it sounds like the user may not be getting the 2FA prompt, but other users are fine. You mentioned that for your environment, if a session times out, it prompts for 2FA for the Windows app, right? There's typically a token lifetime of about 90 days. Maybe there's something specific happening with the Macbook setup.

First, check the user's sign-in logs in Entra to see if conditional access was bypassed for them. It's possible that the option to revoke MFA sessions is no longer valid after the transition to per-user MFA, which might explain the error you're encountering.

I put in a ticket with Microsoft regarding the MFA sessions, and they mentioned that the option to revoke MFA is tied to whether the user is enabled or enforced in per-user MFA. It seems like the right move now is to use the 'Revoke sessions' feature instead. I hope this helps clear things up!

This issue seems to have been common for a few weeks now, and while it doesn't directly link to the outage on October 29th, it's worth considering. The way MFA sessions are revoked has indeed changed lately, and Microsoft is now recommending using 'Revoke sessions' instead, as the per-user MFA option has been retired.

I had a similar issue where a user accidentally reported the MFA prompt as malicious. You might want to check if the user is blocked on the admin side; there's a page on Microsoft Entra that can help with that.