12 thoughts on “Conditional access and sign-in frequency”

  1. Peter,

    Great article, very informative. I’m hoping you can help me solve a conditional access requirement. How would I make non-compliant users adhere to a sign-in frequency while not affecting compliant devices?

    I have a conditional access for company phones that do not prompt MFA/password if Azure AD bound, compliant, and/or trusted locations.

  2. Just to make sure I better understand this setting. If applied, it’s no longer a rolling window? So you enforce a logon (password prompt) at the selected frequency?

    When using an Azure AD registered device, then a user that logs on the device will not see other password prompts? In both apps and browsers?

    Regards, Kaj

  3. What happens if you select the option in your browser to cache your credentials when you sign into the Session?

    Does this mean your password automatically populates in the sign-in box and potentially leaves a user’s account exposed on an unmanaged device?

  4. Could you clarify/confirm something on the user experience for me? Currently we have CA policies in place that do not take advantage of sign-in frequency. If we enable sign-in frequency for 30 days, will users be prompted to authenticate 30 days from now, i.e. everyone at the same time? Or is the sign-in frequency more like 30 days from the last time each individual user last authenticated, therefore spreading out all users across the next 30 days?

  5. Hi, first of all thank you for taking the time to write this awesome article.
    We use Azure AD App Proxy service to publish our Line of Business application to the internet.
    We also use Conditional Access to force MFA for LoB applications.
    As I understand it, Sign-in frequency and Persistent Browser Session work only for cloud apps.
    Is there any way to apply it to LoB applications also?
    Thank you.

