What condition can be configured to prompt users for Multifactor Authentication in a global session policy rule?

Configuring a global session policy rule to prompt users for Multifactor Authentication (MFA) at every sign-in is an effective strategy for ensuring ongoing security. This condition means that each time a user attempts to sign in, they will have to complete an MFA challenge, which adds another layer of verification beyond just their username and password. Doing so helps protect against unauthorized access, especially in environments where the risk is high or compliance needs require stringent security measures.

While prompting MFA only for first-time logins could limit security by not addressing subsequent access attempts, and requiring it after every password change might not effectively secure ongoing sessions, prioritizing MFA at each sign-in addresses potential threats continuously. Accessing sensitive data can also be crucial for triggering MFA; however, many security policies advocate for universal prompts to avoid gaps in security based on user behavior or specific actions taken.