Office 365 Multi-Factor Authentication

How often will you be prompted for MFA in Outlook for Office 365?




When using multi-factor authentication (MFA) in Office 365, it is useful to understand how often you can expect to be prompted for the second factor.


The Microsoft article linked below explains how this works, in its "Azure Active Directory with modern authentication" section: Session timeouts for Microsoft Office 365



When you successfully authenticate, you receive an access token and a refresh token that let you access Office 365 services. The access token is only valid for an hour; after that, the refresh token is used to obtain a new access token, provided the initial authentication is still valid.



The refresh token is valid for 14 days, but if you are continuously using your mailbox during this period it can last up to 90 days.



So you might not be asked for multi-factor authentication again in Outlook for up to 90 days.



Things that could force you to re-authenticate:



  • You sign out and sign in again in Office clients
  • You don't log in for 14 days on that device
  • You change your password
  • Administrators apply conditional policies that restrict the resource you are trying to access
  • You swap between Office 365 accounts
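
The token lifetimes and re-authentication triggers described above can be modelled as a small simulation. This is an added example, not Microsoft's implementation: the function name, the sample timelines, and the assumptions that the 14-day window restarts at each refresh and that a password change takes effect at the next refresh are all illustrative.

```python
from datetime import datetime, timedelta

ACCESS_TOKEN_LIFETIME = timedelta(hours=1)   # from the article
REFRESH_IDLE_LIMIT = timedelta(days=14)      # from the article
REFRESH_MAX_AGE = timedelta(days=90)         # from the article

def first_reauth(signed_in, activity, password_changed=None):
    """Return (time, reason) for the first mailbox access that needs a
    fresh sign-in with MFA, or None if the session survives all of them."""
    access_expires = signed_in + ACCESS_TOKEN_LIFETIME
    refresh_issued = signed_in
    for t in sorted(activity):
        if t < access_expires:
            continue                      # access token still valid
        # Access token expired: the client must redeem the refresh token.
        if password_changed is not None and password_changed <= t:
            return t, "password changed"  # assumption: checked at redemption
        if t - signed_in > REFRESH_MAX_AGE:
            return t, "90-day maximum reached"
        if t - refresh_issued > REFRESH_IDLE_LIMIT:
            return t, "14 days without use"
        refresh_issued = t                # assumption: sliding window restarts
        access_expires = t + ACCESS_TOKEN_LIFETIME
    return None

# Constructed sample timelines, not real sign-in logs.
SIGNED_IN = datetime(2024, 1, 1, 8, 0)
DAILY_USE = [SIGNED_IN + timedelta(days=d, hours=1) for d in range(120)]
HOLIDAY = [SIGNED_IN + timedelta(days=d, hours=1) for d in (0, 1, 2, 20, 21)]

if __name__ == "__main__":
    print("daily use:", first_reauth(SIGNED_IN, DAILY_USE))
    print("long gap: ", first_reauth(SIGNED_IN, HOLIDAY))
    print("password: ", first_reauth(SIGNED_IN, DAILY_USE,
                                     password_changed=SIGNED_IN + timedelta(days=5)))
```

With daily use the first prompt comes just after day 90; with an 18-day gap it comes at the first access after the gap.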


More information on how to enable modern authentication in Office 365 can be found below:


How modern authentication works for Office 2013 and Office 2016 client apps