MFA prompts occur when you log into apps and services using your SSO or when your session times out.
Some systems may impose their own rules, prompting for MFA more often than others depending on the person's account activity. In most cases however, prompt frequency will depend on the service and whether you are using a web browser or standalone application.
Browser based session timeouts depend on the type of service you are accessing:
- Azure login based services, such as web based versions of Outlook, Teams, OneDrive, SharePoint Online, Dynamics365, should persist for 7 days.
- Web based Outlook has a session time out of 8 hours.
- Shibboleth protected resources, such as CoSy, TeamSeer or Clarity, should persist for 11 hours.
The browser will not require authentication again, until the session expires or the browser is closed.
Please note the session timeouts outlined above are the advertised session times set by the policy. However, it is possible to configure some browsers to retain sessions on closure or to utilise the Windows Work or school accounts on your device through your browser, so the sessions persist longer than advertised.
Standalone desktop and mobile applications have a token that should persist for 90 days unless you need to log in again for other reasons, such as following a software update.
The Linux Teams application is a notable exception as it behaves like a browser application, with session times persisting for 7 days.