How to Manage MFA Prompts for Azure AD Login

Depending on Azure AD settings, login with an account configured to use MFA may not always prompt for MFA. This experience can be managed via the Azure AD Multi-factor Authentication Service Settings page; or via Conditional Access page for those using Azure AD premium features.

Please follow the below guide to manage your preferred MFA experience via the Azure AD Multi-factor Authentication Service Settings page.

Login to your Azure AD portal (portal.azure.com) as an ADMIN

Open the MFA Service Settings page: https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx

Scroll down to the section titled “remember multi-factor authentication on trusted device”. See example below.

If you want users to always be prompted for MFA when using TruGrid Desktop Connectors, please clear the ALLOW box and SAVE the settings.

If you want users to NOT always be prompted for MFA when using TruGrid Desktop Connectors, please enable the ALLOW box and configure your preferred "Number of days users can trust devices for".

NOTE: When this ALLOW box is checked, users will only be asked to provide MFA during first login when TruGrid Desktop Connector is opened. While TruGrid Desktop Connector is opened, users will not be asked to provide MFA when they SIGN OUT and SIGN back in to the app. However, MFA will always be required during the first login when the app is completely closed and re-opened. This experience is managed by Azure AD and not TruGrid.

Azure MFA Service Settings

TruGrid will conduct additional testing for those using Azure AD Conditional Access and update this guide thereafter
Was this article helpful?
Cancel
Thank you!