MFA prompts occur when you log into apps and services using your SSO or when your session times out.
Some systems may impose their own rules, prompting for MFA more often than others depending on the person's account activity. In most cases however, prompt frequency will depend on the service and whether you are using a web browser or standalone application.
Browser based session timeouts depend on the type of service you are accessing:
- Azure login based services, such as web based versions of Outlook, Teams, OneDrive, SharePoint Online, Dynamics365, should persist for 7 days.
- Shibboleth protected resources, such as CoSy, TeamSeer or Clarity, should persist for 11 hours.
The browser will not require authentication again, for the service accessed or other services, until the session expires or the browser is closed.
Standalone desktop and mobile applications have a token that should persist for 90 days unless you need to login again for other reasons, such as following a software update.
The Linux Teams application is a notable exception as it behaves like a browser application, with session times persisting for 7 days.