I've been dealing with multi-factor authentication (MFA) for a while, but I've run into a frustrating issue lately. When users initially set up the Authenticator app with their work email, everything seems fine. However, after 90 days, when their session expires, they're kicked out of the app and can't receive prompts to log back into their account. I've been advising them to delete the app and wipe their MFA methods, then set everything up again, which seems to fix the issue. I'm curious: is there a way to bypass the sign-in for the MFA app through a Conditional Access (CA) policy for specific users? Having such a policy could help them get back in without needing to redo everything. What solutions have others found successful for this?
4 Answers
It sounds like you might need a Conditional Access policy that applies to all users but skips the ones facing this issue while you figure it out. The challenge is ensuring that once they're back in, you can remove them from that exclusion without it messing up their access later.
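One way to keep the temporary exclusion described in the answer above from becoming permanent, as an added example that is not part of any answer on this page: the script reviews every account an MFA policy skips against a dated record. The policy dictionary follows the shape of a Microsoft Graph `conditionalAccessPolicy` object; the IDs, names, dates and the `LEDGER` record are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample in the shape of a Microsoft Graph conditionalAccessPolicy.
# All IDs, names and dates below are made up for illustration.
POLICY = {
    "displayName": "Require MFA - all users",
    "state": "enabled",
    "conditions": {"users": {
        "includeUsers": ["All"],
        "excludeUsers": ["user-dave"],          # direct exclusion, not tracked anywhere
        "excludeGroups": ["grp-mfa-recovery"],  # temporary recovery group
    }},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
# Current members of the exclusion group (constructed).
GROUP_MEMBERS = {"grp-mfa-recovery": ["user-alice", "user-bob", "user-carol"]}
# Hypothetical ledger kept by the admin: who was excluded and until when.
LEDGER = {
    "user-alice": datetime(2024, 5, 1, tzinfo=timezone.utc),
    "user-bob": datetime(2024, 5, 20, tzinfo=timezone.utc),
}

def review_exclusions(policy, members, ledger, now):
    """Sort every account the MFA policy skips into keep / remove / investigate."""
    users = policy["conditions"]["users"]
    report = {"active": [], "expired": [], "untracked": []}
    if "mfa" not in policy.get("grantControls", {}).get("builtInControls", []):
        return report  # policy does not enforce MFA, so nothing to review here
    excluded = set(users.get("excludeUsers", []))
    for group in users.get("excludeGroups", []):
        excluded.update(members.get(group, []))
    for user in sorted(excluded):
        expires = ledger.get(user)
        if expires is None:
            report["untracked"].append(user)   # excluded with no record or end date
        elif expires <= now:
            report["expired"].append(user)     # recovery window over: remove
        else:
            report["active"].append(user)
    return report

if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)
    for bucket, names in review_exclusions(POLICY, GROUP_MEMBERS, LEDGER, now).items():
        print(f"{bucket:10} {', '.join(names) or '-'}")
```

Accounts in the `expired` and `untracked` buckets are the ones to take out of the exclusion or investigate, since they sign in without MFA for as long as they stay excluded.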
I think the problem might actually be with how the MFA app's sign-in is handled within your Conditional Access settings. You should verify if the MFA app is classified as a standard cloud app under your CA rules.
I haven't experienced users being automatically kicked out after 90 days. Usually, if they're active, they should remain logged in. I've had situations where users get stuck needing more info, but re-adding them has resolved that quickly.
Have you checked if users are prompted to specify whether their account is for personal or work/school use during setup? That could play a part in how the authentication process functions.
