For information on configuring your two-factor authentication, check this article.
Our implementation of two-factor authentication uses a combination of browser cookies and client host information to determine whether the user has previously logged on from a specific machine.
If we determine that the user hasn't previously logged in, and two-factor authentication is enabled for the tenant, a cookie will be created in their browser, containing some information about the user.
If, after validating credentials, the token is valid (e.g. there is successful handshake between the information the user is passing to us, and the information we hold about the user on the server), we will allow the user to log in.
Otherwise, we will prompt for a 2FA code, which, once validated, will allow the same.
Two factor authentication may be affected by:
Tokens resetting 30 days after issuance (requiring a new handshake)
The user clearing browser cache or cookies will reset the 2FA process. This can happen inadvertently if this option is set in their browser.
Using a different browser, which will will require a separate 2FA token, so using Edge and Chrome would handle 2FA independently