Although MFA (Multi-Factor Authentication) offers great security it can also become quite a nuisance. Checking your phone and typing in the MFA pin code dozens of times every day can become counterproductive.
In most setups, the “Remember Multi-Factor Authentication” feature is a reasonable trade-off between security and convenience. With “Remember Multi-Factor Authentication” you allow users to disable MFA temporarily on trusted devices for a limited number of days.
How to Set It Up
Follow these steps to allow users to disable MFA temporarily on trusted devices:
- Log in to the Azure portal and select Azure Active Directory
- Select Users
- Select Multi-Factor Authentication
- Select Service Settings
- Enable the feature and set the number of days to remember trusted device
Allowing users to limit the number of MFA logins on their personal devices is a great time saver.
For companies that need a high level of security, enabling this setting might not be the right choice (even though you can revoke the MFA bypass in case a trusted device is compromised).
But for the large bulk of companies that might opt out of multi-factor authentication due to the hassle, this option might just save the day.