Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
Why This Matters
Allowing users to remember multi-factor authentication on trusted devices reduces security by letting them bypass MFA on those devices for a set period after a successful sign-in. If an account or device is compromised, this trusted-device exception gives attackers a window of opportunity to access your tenant without additional verification. Every MFA prompt is a critical control point, and disabling this setting ensures consistent authentication enforcement.
What Aether365 Checks
Aether365 verifies that the "Allow users to remember multi-factor authentication on devices they trust" setting is disabled in the Microsoft Entra ID per-user MFA service settings. This check appears in the Aether365 dashboard under the entra-id checks category.