![]() ![]() As others mentioned above, it's painful to turn off completely and just not worth the hassle to most orgs as M365 will challenge someone that is trying to log in from a different device or different IP address. Remembering trusted devices can be set to on or off and then a number of days between 1 and 365. ![]() You'll need to grab admin templates and disable those via Group Policy if you really want to kill the sharing of MFA authorizations between apps on users' PC's.Īs for how much time is passed between MFA rechallenging, that can be set in 'service settings' of the MFA menu in the M365 admin center (M365 admin center -> Users -> Active users - Multi-factor authentication -> service settings -> remember multi-factor authentication on trusted device). Microsoft SSO is enabled by default in Windows, in Microsoft Edge, and on Microsoft 365 desktop apps. ![]()
0 Comments
Leave a Reply. |