Office 365 and sign in issues

Enabled multi-factor login for Office 365 on a site of ours. This is NOT an ADFS system.

Everyday users are complaining they have to sign in. Even though they said say logged in, it logs them off. Some users dont even get asked do you want to stay logged in.
When you have to login then wait for a security code then type that in everyday in some cases more than once a day its very frustrating!

Any thoughts?
LVL 1
SoHandyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CodeTwo SoftwareSoftware DeveloperCommented:
Introducing MFA is usually a difficult time for users.
A few tips to make it more bearable:
Users can install a Microsoft Authenticator App to make the authentication process a bit easier
You can configure the MFA mechanism to help your users. Check the Allow users to suspend Multi-Factor Authentication by remembering their devices and keep the default set to 14 days option in the Azure Management Portal to give users a chance to suspend the MFA mechanism on a device they use to log in.
0
SoHandyAuthor Commented:
Thanks for the reply man

just regarding allowing users to suspend multi factor, seems to defeat the purpose of having it enabled in the first place?
This option is that a global suspend, or is just that particular device.
I'd of thought the whole stay logged in option once slected on a device it would be able to pick up that its an office pc and not have to do a workaround of disabling multifactor?

Sorry never seen this option and all the googleing ive done never mentioned this option to me. Dont mean to be poo pooing your idea just as i said not familiar with it.
would you mind going into further details please.
Also is the app just for handheld devices?
is for mobile devices all good with that one
0
CodeTwo SoftwareSoftware DeveloperCommented:
Sorry for not being thorough in the first place.
Suspending multi-factor authentication does not defeat its purpose - it simply allows users not to verify with an app password on a device for some time and only if they are successfully verified in the first place. If they try to log in from a different device, they will need to be authenticated with the MFA code, as usual.
The easiest way to get to this setting is to go to Office 365 Admin Center > Users > Active Users > More > Setup MFA > Service Settings
At the very bottom of the window, you can enable this function and choose for how many days the device will be remembered as an authenticated one.
When it comes to the "stay logged in" feature, it should keep the user's session, so that they are not logged out. However, it will never work, for example, when users use a browser in a "private mode".
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

SoHandyAuthor Commented:
Sound man Ta

See the settings there alright, still a little confused as to why i need to enable this. Even after selecting at login to stay logged in that why its NOT staying logged in, is it a glitch on Microsoft part or is it normal multifactor enabled system as in, yes ive told it to stay signed in but i dont care multi factor is enabled and you dont have i choice?
0
CodeTwo SoftwareSoftware DeveloperCommented:
Stay signed in and do not ask for authentication code for X days are two completely independent features.
Stay signed in should work even with MFA enabled. Usually, all problems concerned with using this function can be solved by clearing the users' browser cache. You can check how exactly it works in this Microsoft Blog.
Well you do not *have to* enable the option I mentioned. All it does is that when a user gets logged out, they will not have to insert the additional authentication code for some time.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SoHandyAuthor Commented:
Ta for that man much appreciated!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.