What the parent describes is exactly how it works for my employer's O365 system. I get MFA requests on a regular basis even on known devices. Ticking the 'dont ask again' option has no effect. Meanwhile Google on the same devices nags me once a week at the most.
I have a lot of experience managing O365/Azure, and these issues all come down to the config of MFA in the O365/Azure tenant. They may even be intentional for "security" purposes.
To be fair, O365 and Azure change all the time. I've seen these issues on neglected O365 tenants, usually MFA was setup years ago and never touched again.
Do we work at the same company or is O365 that bad? We just had a big discussion on Slack as to what that checkbox actually does, because it's apparently nothing...
I've seen google devices nag daily, and O365 stay logged in for weeks/months.
Too few measurements to have a strong opinion on which scenario is more likely, but it does seem interesting that a number of configuration or other issues seem to be solved by : just aske for auth again.
A tenant can be set up to expose the “don’t ask me to sign in again on this device” option, and to let the MFA last for a certain amount of time. It would be worth reviewing your tenant config. MFA shouldn’t be as big a pain as people are making it out to be here. If it is, it’s either been set that way deliberately (security concern) or accidentally.
I don’t get recurring Authenticator requests on my phone. On desktop, I use a different browser profile for each tenant I have admin rights to and sign in with accounts specific to those tenants. MFA requests are very rare.
If you’re using a single account to hop between tenants (like a MS partner acct), in a single browser session, it’s very messy and requires you to pay very careful attention to which tenant you happen to be in. I don’t advise this approach.
Same, I get a request from the authenticator app, login in via facetime and click a dialog that asks me to authorize (yes/no). I don't love it, but it's pretty simple.