How often will you be prompted for MFA in Microsoft 365? - Cobweb


This article was last reviewed and updated for accuracy in May 2025.

What is MFA?

Multi-factor authentication (MFA) is a security feature that adds an extra layer of protection to users’ accounts by requiring them to provide two or more forms of authentication before accessing their data. In Microsoft 365, MFA is a commonly used security feature, and it can be configured by the organisation’s IT administrator to meet their specific security requirements.

When Are Users Prompted for MFA?

How often users are prompted for MFA in Microsoft 365 depends on the organisation’s settings, but typically, users are prompted when they:

  • Sign in from a new or untrusted device
  • Access their account from a new location or IP address
  • Change a password
  • Swap between Office 365 accounts
  • Perform a sensitive action, such as accessing financial or legal information

Customising MFA Prompt Frequency

Microsoft 365 allows IT administrators to tailor MFA behaviour using Conditional Access policies and sign-in frequency settings. These policies can be configured to:

  • Require re-authentication every X days
  • Prompt only when risk is detected (e.g., unfamiliar sign-in behaviour)
  • Allow persistent browser sessions on trusted devices
  • Enforce MFA for all admin roles (mandatory as of February 2025)

🔒 New in 2025: Microsoft Entra ID (formerly Azure AD) now uses a rolling 90-day session lifetime by default, which can be adjusted based on your organisation’s risk tolerance.
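
The settings listed above correspond to fields in a Conditional Access policy. The following is an added example (not Cobweb's or Microsoft's code) that audits policies shaped like Microsoft Graph conditionalAccessPolicy exports and reports when each one will prompt. The sample policies, their names and the role ID placeholder are constructed, and treating a device filter or compliant-device grant as "trusted device" is an assumed heuristic.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
# Names and the role ID are placeholders, not values from a real tenant.
POLICIES = json.loads("""
[
 {"displayName": "Admins: MFA every sign-in", "state": "enabled",
  "conditions": {"users": {"includeRoles": ["<admin-role-template-id>"]}},
  "grantControls": {"builtInControls": ["mfa"]},
  "sessionControls": {"signInFrequency": {"isEnabled": true, "frequencyInterval": "everyTime"}}},
 {"displayName": "All users: MFA, 7-day reauth", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["mfa"]},
  "sessionControls": {"signInFrequency": {"isEnabled": true, "frequencyInterval": "timeBased", "type": "days", "value": 7},
                      "persistentBrowser": {"isEnabled": true, "mode": "always"}}},
 {"displayName": "Risky sign-ins: MFA", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]}, "signInRiskLevels": ["medium", "high"]},
  "grantControls": {"builtInControls": ["mfa"]}}
]
""")

def reauth_hours(policy):
    """Hours between forced sign-ins: 0 = every time, None = no sign-in frequency control."""
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled"):
        return None
    if sif.get("frequencyInterval") == "everyTime":
        return 0
    return sif["value"] * (24 if sif["type"] == "days" else 1)

def audit(policies):
    """Return (summary rows, findings) describing when each policy will prompt."""
    rows, findings = [], []
    for p in policies:
        cond = p.get("conditions") or {}
        grants = (p.get("grantControls") or {}).get("builtInControls") or []
        rows.append({"name": p["displayName"], "enforced": p["state"] == "enabled",
                     "mfa": "mfa" in grants, "reauth_hours": reauth_hours(p),
                     "risk_based": bool(cond.get("signInRiskLevels")),
                     "admin_scoped": bool((cond.get("users") or {}).get("includeRoles"))})
        if p["state"] != "enabled":  # report-only or disabled policies never prompt
            findings.append(f"{p['displayName']}: not enforced (state={p['state']})")
        persistent = (p.get("sessionControls") or {}).get("persistentBrowser") or {}
        # Assumed heuristic: a device filter or compliant-device grant means "trusted device".
        trusted = (cond.get("devices") or {}).get("deviceFilter") or "compliantDevice" in grants
        if persistent.get("isEnabled") and persistent.get("mode") == "always" and not trusted:
            findings.append(f"{p['displayName']}: persistent browser session not limited to trusted devices")
    if not any(r["enforced"] and r["mfa"] and r["admin_scoped"] for r in rows):
        findings.append("no enforced policy requires MFA for admin roles")
    return rows, findings
```

Calling `audit(POLICIES)` on the constructed sample flags the persistent browser session that applies to every device and the risk-based policy that is still in report-only mode.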

If you have questions about multi-factor authentication or would like to find out more about implementing it within your business, get in touch with our team.