Require 2FA each time a user logs on (video)

Running time: 3:01

By default users who trust their device can skip two-factor authentication for the next 30 days (i.e., until the trusted device time-to-live value has expired). Is there a way to force users to undergo two-factor authentication each and every time they log on? Turns out there is.