We currently are using Windows 2012 R2 ADFS servers setup in a farm and federated with Office 365 and supporting 10K users. We are also piloting a third party MFA product and the following question as been asked we need to find out how to define policy where if a session lifetime post initial logon is set to a specific amount of time, say, 8 hours, that the authenticating end-user will not be prompted for 2-factor authentication until the session expires. The relying party trust (application subject to 2FA under ADFS) is Office365.
From my understanding, the sessin lifetime is a global setting correct? Also I only other way to change ADFS token liftimes is using the new Preview feature in AZure which allows you to do so. Is this correct?