How to Configure “Remember Multi-Factor Authentication” on Trusted Devices

Although MFA (Multi-Factor Authentication) offers great security it can also become quite a nuisance. Checking your phone and typing in the MFA pin code dozens of times every day can become counterproductive.

In most setups, the “Remember Multi-Factor Authentication” feature is a reasonable trade-off between security and convenience. With “Remember Multi-Factor Authentication” you allow users to disable MFA temporarily on trusted devices for a limited number of days.

How to Set It Up

Follow these steps to allow users to disable MFA temporarily on trusted devices:

  1. Log in to the Azure portal and select Azure Active Directory
Azure Multi-Factor Authentication Remember Devices 01
  1. Select Users
Azure Multi-Factor Authentication Remember Devices 02
  1. Select Multi-Factor Authentication
Azure Multi-Factor Authentication Remember Devices 03
  1. Select Service Settings
Azure Multi-Factor Authentication Remember Devices 04
  1. Enable the feature and set the number of days to remember trusted device
Azure Multi-Factor Authentication Remember Devices 05

Summary

Allowing users to limit the number of MFA logins on their personal devices is a great time saver.

For companies that need a high level of security, enabling this setting might not be the right choice (even though you can revoke the MFA bypass in case a trusted device is compromised).

But for the large bulk of companies that might opt out of multi-factor authentication due to the hassle, this option might just save the day.