10 thoughts on “Conditional access and sign-in frequency”

  1. Peter,

    Great article, very informative. I’m hoping you can help me solve a conditional access requirement. How would I make non-compliant users adhere to a sign-in frequency while not affecting compliant devices?

    I have a conditional access for company phones that do not prompt MFA/password if Azure AD bound, compliant, and/or trusted locations.

  2. Just to make sure I better understand this setting. If applied, it’s no longer a rolling window? So you enforce a logon (password prompt) at the selected frequency?

    When using an Azure AD registered device, then a user that logs on the device will not see other password prompts? In both apps and browsers?

    Regards, Kaj

  3. What happens if you select the option in your browser to cache your credentials when you sign into the Session?

    Does this mean your password automatically populates in the sign in box and potentially leaves a user’s account exposed on an unmanaged device ?

  4. Could you clarify/confirm someting on the user experience for me. Currently we have CA policies in place that do not take advantage of sign-in frequency. If we enable sign-in frequency for 30 days, will users be prompted to authenicate 30 days from now? IE Everyone at the same time? OR is the sign-in frequency more like 30 days from the last time each individual user last authenticated therefore spreading out all users accross the next 30 days?

  5. Yes I have previously read this page though I don’t think it answers my question. Adding some additional context to previous scenario. All user devices are iOS and Android using MSFT mobile apps.

  6. Hi Manoj,
    To my knowledge, the required data points are always available and don’t start counting when you enable the sign-in frequency in CA. Main reason for that statement is that the default sign-in frequency is always applicable in the first place.
    Regards, Peter

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.