![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 97%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,192 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Sundram Sontirkey,
Thank you for posting your query on Microsoft Q&A.
Based on your description, your team has created two Conditional Access policies and set the sign-in frequency to 18 hours, which applies only to Microsoft Entra hybrid joined devices. You've observed that re-authentication occurs for some users after 18 hours, while for others it does not. For testing you can have one CA policy rather than having two policies enabled for SIF.
To investigate this behavior, I recommend referring to the document that provides examples of sign-in frequency scenarios. The users who are not re-authenticating may fall into one of the scenarios described there.
Please review the flowchart provided in the document to determine why these users did not trigger re-authentication based on the current time minus the authentication instant time. You can verify this by checking the Entra sign-in logs for the specific user.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Please Accept the answer if the information helped you. This will help us and others in the community as well.
Thanks,
Raja Pothuraju.