Azure VPN Client 3.4.0.0 version disconnects with following error: "Your authentication with Microsoft Entra is expired"

Due to the case I opened with MS on this issue Microsoft has updated the FAQs here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#vpn-disconnect

What is happening is in versions 3.3.1 and before the Azure VPN client did NOT honor the Sign-in Frequency except at initial login. Once you were connected even with a conditional access policies sign-in frequency set you could stay connected indefinitely but now in version 3.4.0 the client will honor the sign-in frequency in the conditional access policy after initial sign-in.

Microsoft did a poor job of communicating this and actually once my clients started receiving the 3.4.0 version from the Microsoft store none of the Microsoft documentation even mentioned a 3.4.0 client.

So for example if you were using Azure Point to Site VPN client 3.3.1 with Entra ID Authentication and a Conditional access policy with Sign-in frequency set to Everytime you could stay connected indefinitely once you authenticated. If then your clients updated to 3.4.0 the conditional access policy would disconnect users after 1 hour.

Note that whatever sign-in frequency you choose in the conditional access policy for the Azure VPN (with client version 3.4.0) it will be 1 additional hour before users are disconnected. Example if you want users to stay connected for 8 hours use a sign-in frequency of 7 hours.