Ensure that the "Allow users to remember multi-factor authentication on devices they trust" feature is disabled within your Microsoft Azure account so that your users are not allowed to bypass MFA. Multi-Factor Authentication is an efficient method of verifying your Azure user identity by requiring an authentication code generated by a virtual or hardware device in addition to your usual access credentials.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Remembering Multi-Factor Authentication (MFA) for devices and browsers gives Microsoft Azure users the option to bypass MFA for a certain number of days after performing a successful sign-in using an MFA passcode. Remembering MFA can enhance usability by minimizing the number of times a user may need to perform two-step verification on the same device. However, if an account or device is compromised, remembering Multi-Factor Authentication for trusted devices and browsers can lead to security breaches. When the "Allow users to remember multi-factor authentication on devices they trust" feature is disabled, users are required to perform Multi-Factor Authentication for every login attempt.
Audit
To determine the status of the "Allow users to remember multi-factor authentication on devices they trust" feature, perform the following actions:
Note: Retrieving the configuration status for the "Allow users to remember multi-factor authentication on devices they trust" feature using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To disable remembering Multi-Factor Authentication (MFA) for your Azure Active Directory (AD) users and prevent trusted devices and browsers from bypassing the two-step verification, perform the following actions:
Note: Managing configuration settings for the "Allow users to remember multi-factor authentication on devices they trust" feature using Microsoft Graph API or Azure CLI is not currently supported.
You are auditing:
Disable Remembering Multi-Factor Authentication
Risk level: High