Microsoft has announced a new security feature for its Entra ID identity and access management tool, enabling administrators to enforce a “Reauthentication Every Time Policy” for sensitive or risky actions. The new policy, which requires users to re-verify their identity with each specified action, is designed to enhance security for a range of tasks.
The new feature can be applied to actions such as accessing sensitive applications, protecting sign-ins to Azure Virtual Desktop machines, and securing resources behind virtual private networks (VPNs). The policy is also intended for use during privileged role elevation, providing an extra layer of security for high-risk administrative tasks.
Mitigating Risks, Managing User Fatigue
In announcing the feature, Microsoft advised administrators to use the new policy sparingly. The company warned that over-application of the “Reauthentication Every Time” feature could lead to “MFA fatigue,” a term for when users become tired of frequent multi-factor authentication requests and begin to bypass security measures or develop unsafe habits.
The rollout follows a recent issue with another Microsoft Entra ID feature, the MACE Credential Revocation app, which inadvertently locked out Windows administrators’ accounts and triggered false positive security alerts. Microsoft confirmed that this was an error caused by an internal logging issue and that it has since been mitigated.
The announcement comes as the company continues to expand the capabilities of its Entra ID platform, including allowing the integration of external authentication methods, with 1Kosmos being among the latest additions. The new feature is part of Microsoft’s broader effort to give administrators more granular control over security while balancing usability.

