MFA Behavior: Browser Settings Triggering Unwanted Multi-Factor (MFA) Check-ins

Microsoft 365 web apps like should only need to have you complete one MFA check-in each 30 days so long as you've (1) chosen the option to "stay signed in", and (2) don't manually sign out from your session. Even with these steps, there are web-browser settings that can prevent this from working normally, even when completing other steps correctly.

The article below will outline those settings, and can be used to troubleshoot if you're experiencing things like web Outlook always requesting an MFA check-in. This write-up gives this info for the Edge browser, but these settings will look very close to those found in both Chrome and Firefox.

Covering the Basics

The most basic setting we want to check is to be sure your browser isn't set to clear all browsing data each time it's closed.

For this, we'll check the three dots in the upper-right (". . .", also called Settings and more) > Settings > Privacy, search, and services, and then scroll down to the Clear browsing data section, where you can click Choose what to clear every time you close the browser. On this new section, we want to be sure the option for Cookies and other site data is turned Off.

Browsing data settings are mostly included in the "Privacy, search, and services" section

A Few More Options

We'll find even more settings to check under the three dots in the upper-right (". . .", also called Settings and more) > Settings > Cookies and site permissions page.

Within Cookies and data stored / Cookies and site data, we want to be sure "Allow sites to save and read cookie data (recommended)" is turned On. There's also a setting for "Block third-party cookies" that can be turned Off which may help.

"Cookies and stored data" contains the settings we're looking for

We want to make sure the site you're trying to use (i.e., isn't included among the sites set to "Block" cookies.

We don't want any sites that we're having the MFA trouble on included in the "Block" section.

We want to be sure none of the sites we're using are included in the "Clear on exit" section

"Clear on exit" shouldn't include any of our MFA sites

Lastly, we want to be sure there's an exception to allow Pop-ups and redirects for the sites we want to use (i.e., You can paste several different versions of the same website to this list, if you aren't sure which to choose. For example, after you've signed into, the site may redirect to, and you could include both of those addresses.

It's recommended to keep the general "Block" option enabled, but to add an exception for each site that has an MFA issue

More on Finding Browser Options: Once you're in the Settings menu in most web browsers (i.e., Chrome/Edge/FireFox), you can find settings using the Search bar shown near the top of that page. The directions in this article specify names/categories/headers in the order you'll find them, but you can pull up those same locations more directly by searching for words included in the settings themselves.

So for example: To pull up a list of the browser settings related to cookies, looking for the word "cookies" may bring up those settings more easily, and those settings can be adjusted within the results!


Print Article


Article ID: 142747
Mon 4/18/22 4:48 PM
Tue 4/19/22 4:01 PM