Change token length in Office 365 for Multi-factor authentication

Hello, I've enabled Multi-factor Authentication in Office 365 in a test group. The app password seems to be OK when logging into Outlook or another MS app, but the Office 365 Portal makes me authenticate every time I log into the Office 365 portal (my users would revolt if I put this in place). I understand there is a token being used to control the process, but how would I increase the token length to 1 or 2 weeks from a previously authenticated machine? Is this possible? I understand the importance of needing to authenticate on a machine for the first time.

Also, one of the authentication methods I would like to use, a call back to a desk phone/extension, is grayed out in the O365 portal during the user registration for MFA. Any way to fix this?
Thanks in advance
1212pro Asked:

Vasil Michev (MVP) Commented:
First of all, you should NOT be using app passwords unless absolutely necessary. Outlook 2013+ and all the mobile applications made by Microsoft support Modern authentication and thus can use MFA just fine.

For the token - validity should be 90 days by default/unlimited with use, unless you have made changes to the default lifetimes (https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/active-directory-configurable-token-lifetimes.md). Bear in mind that specific applications (mostly the different admin centers or anything exposing security related information) will actually *require* you to perform an MFA challenge every time. In addition, conditional policies can be configured to again require MFA in some scenarios, so check for that.

For the Office phone, check whether the corresponding setting is enabled under https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/PasswordReset
0
1212pro Author Commented:
The Office phone was unchecked, so that is corrected. I wasn't aware of the App password not being needed, which will be an easy fix since there are only two users being tested; I'll just have them disregard that part.

So my ID, global admin, does need to authenticate every time, which is what I would expect, but the other "regular" user is also needing to do that too. I haven't made any changes to the default time, but 90 days would be great. I'll look at the link you shared and let you know if I have any questions.
0
1212pro Author Commented:
Hello Vasil, is there a PowerShell command I can use that would allow me to view the existing policies for Token Timeouts? I had my regular user try to access the O365 Portal again and she still is forced to authenticate through her phone before it logs her in. Her last successful authentication/login was about an hour ago.
0
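
One way to view the token lifetime policies asked about above, as an added example that is not part of the original thread. The live call assumes the `Get-AzureADPolicy` cmdlet from the AzureADPreview module; the function name `ConvertFrom-TokenLifetimePolicy` and the sample policy are constructed for illustration.

```powershell
# Added example (not from the thread): flatten token lifetime policies so the
# configured lifetimes can be read at a glance.
function ConvertFrom-TokenLifetimePolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Policy
    )
    process {
        # Definition is a list of JSON strings, one per policy definition.
        foreach ($json in $Policy.Definition) {
            $settings = ($json | ConvertFrom-Json).TokenLifetimePolicy
            if (-not $settings) { continue }   # skip other policy types
            [pscustomobject]@{
                DisplayName              = $Policy.DisplayName
                IsOrganizationDefault    = $Policy.IsOrganizationDefault
                AccessTokenLifetime      = $settings.AccessTokenLifetime
                MaxInactiveTime          = $settings.MaxInactiveTime
                MaxAgeSingleFactor       = $settings.MaxAgeSingleFactor
                MaxAgeMultiFactor        = $settings.MaxAgeMultiFactor
                MaxAgeSessionMultiFactor = $settings.MaxAgeSessionMultiFactor
            }
        }
    }
}

# Constructed sample shaped like a policy object, so the function runs offline.
$sample = [pscustomobject]@{
    DisplayName           = 'ExamplePolicy (constructed)'
    Type                  = 'TokenLifetimePolicy'
    IsOrganizationDefault = $true
    Definition            = @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeMultiFactor":"until-revoked"}}')
}
$sample | ConvertFrom-TokenLifetimePolicy | Format-List

# Against a live tenant (assumes the AzureADPreview module is installed):
#   Connect-AzureAD
#   Get-AzureADPolicy |
#       Where-Object Type -eq 'TokenLifetimePolicy' |
#       ConvertFrom-TokenLifetimePolicy
```

Settings that a policy does not define come back empty in the output, and no rows at all means no custom token lifetime policy exists in the tenant.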
1212pro Author Commented:
Where would I find the conditional policies?
0
1212pro Author Commented:
We don't have Azure Premium in Office 365; we are using the free version. It looks like Conditional access policies require an upgrade. So hopefully they are defaulted at the 90-day timeout.
0
1212pro Author Commented:
I opened a case with Microsoft. They told me the need to re-authenticate when logging back into the O365 Portal cannot be changed when MFA is enabled.
0
1212pro Author Commented:
Needed to open a case with Microsoft to confirm the requested modifications could not be made.
0