Change token length in Office 365 for Multi-factor authentication

Hello, I've enabled Multi factor Authentication in Office 365 in a test group. The app password seems to be OK when logging into Outlook or another MS app, but the Office 365 Portal makes me authenticate every time I log into the Office 365 portal (my users would revolt if I put this in place). I understand there is a token being used to control the process, but how would I increase the token length to 1 or 2 weeks from a previously authenticated machine? Is this possible? I understand the importance of needing to authenticate on a machine for the first time.

Also, one of the authentication methods I would like to use, a call back to a desk phone/extension, is grayed out in the O365 portal during the user registration for MFA. Any way to fix this?
Thanks in advance
1212pro Asked:
 
1212pro (Author) Commented:
I opened a case with Microsoft. They told me the need to re-authenticate when logging back into the O365 Portal cannot be changed when MFA is enabled.
0
 
Vasil Michev (MVP) Commented:
First of all, you should NOT be using app passwords unless absolutely necessary. Outlook 2013+ and all the mobile applications made by Microsoft support Modern authentication and thus can use MFA just fine.

For the token - validity should be 90 days by default/unlimited with use, unless you have made changes to the default lifetimes (https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/active-directory-configurable-token-lifetimes.md). Bear in mind that specific applications (mostly the different admin centers or anything exposing security related information) will actually *require* you to perform an MFA challenge every time. In addition, conditional policies can be configured to again require MFA in some scenarios, so check for that.

For the Office phone, check whether the corresponding setting is enabled under https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/PasswordReset
0
 
1212pro (Author) Commented:
The Office phone was unchecked, so that is corrected. I wasn't aware of the App password not being needed, which will be an easy fix since there are only two users being tested; I'll just have them disregard that part.

So my ID, global admin, does need to authenticate every time, which is what I would expect, but the other "regular" user is also needing to do that too. I haven't made any changes to the default time, but 90 days would be great. I'll look at the link you shared and let you know if I have any questions.
0
 
1212pro (Author) Commented:
Hello Vasil, is there a PowerShell command I can use that would allow me to view the existing policies for Token Timeouts? I had my regular user try to access the O365 Portal again and she still is forced to authenticate through her phone before it logs her in. Her last successful authentication/login was about an hour ago.
0
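
For the question above about viewing token-lifetime policies from PowerShell, an added example (not from any participant in the thread): it reads policy objects shaped like the output of `Get-AzureADPolicy` from the AzureADPreview module and reports each lifetime setting, falling back to the defaults described in the linked article. The sample policy, its name and the helper `Get-EffectiveTokenLifetime` are constructed for illustration.

```powershell
# Added example. Setting names and defaults follow the configurable token
# lifetimes article linked in the thread; the sample policy is constructed.
$Defaults = [ordered]@{
    AccessTokenLifetime       = '01:00:00'      # 1 hour
    MaxInactiveTime           = '90.00:00:00'   # refresh token idle limit
    MaxAgeSingleFactor        = 'until-revoked'
    MaxAgeMultiFactor         = 'until-revoked'
    MaxAgeSessionSingleFactor = 'until-revoked'
    MaxAgeSessionMultiFactor  = 'until-revoked'
}

function Get-EffectiveTokenLifetime {
    # Hypothetical helper: one output row per setting per policy.
    param([Parameter(ValueFromPipeline)] $Policy)
    process {
        if ($Policy.Type -ne 'TokenLifetimePolicy') { return }
        # Definition is a list of JSON strings; the settings sit under
        # the "TokenLifetimePolicy" key.
        $settings = ($Policy.Definition | Select-Object -First 1 |
            ConvertFrom-Json).TokenLifetimePolicy
        foreach ($name in $Defaults.Keys) {
            $value = $settings.$name
            [pscustomobject]@{
                Policy     = $Policy.DisplayName
                OrgDefault = $Policy.IsOrganizationDefault
                Setting    = $name
                Value      = if ($value) { $value } else { $Defaults[$name] }
                Source     = if ($value) { 'policy' } else { 'default' }
            }
        }
    }
}

# Constructed sample shaped like a Get-AzureADPolicy result.
$sample = [pscustomobject]@{
    DisplayName           = 'ExampleOrgPolicy'
    Type                  = 'TokenLifetimePolicy'
    IsOrganizationDefault = $true
    Definition            = @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00"}}')
}
$sample | Get-EffectiveTokenLifetime | Format-Table -AutoSize

# Against a live tenant (requires the AzureADPreview module):
# Connect-AzureAD; Get-AzureADPolicy | Get-EffectiveTokenLifetime
```

If `Get-AzureADPolicy` returns nothing for the tenant, no custom token-lifetime policy exists and the defaults apply.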
 
1212pro (Author) Commented:
Where would I find the conditional policies?
0
 
1212pro (Author) Commented:
We don't have Azure Premium in Office 365; we are using the free version. It looks like Conditional access policies require an upgrade. So hopefully they are defaulted at the 90 day timeout.
0
 
1212pro (Author) Commented:
Needed to open a case with Microsoft to confirm the requested modifications could not be made
0
Question has a verified solution.
