If the tenant is configured with the MFA setting for 90 days, the device token will expire as per the setting, and you will be prompted to complete “Re-Authentication.”
If the customer has an Azure AD Premium license, they can configure the MFA Setting “Remember multi-factor authentication on trusted device” under the Conditional Access Policy. Below are the steps to do so.
- Turn off the MFA setting “Remember multi-factor authentication on trusted device.”
- Create a new Conditional Access policy.
- Under Assignments → User and Groups, Select All users under the Include tab and select the Backup Admin under the Exclude tab.
- Select All Cloud Apps in Cloud Apps and Actions.
- Under Access Control → Session, select Sign-in frequency and configure the number of days customers need to remember the device for other users.
If the customer doesn’t have an Azure AD Premium license, then they need to either disable that MFA setting (Remember multi-factor authentication on trusted device) or perform reauthentication on Dropsuite at every ‘x’ number of days that they configured the MFA setting.