Hi @robert.white,
Thanks for the update.
I totally understand. If you enable the captcha, it will be enforced for every login attempt if you select Always for the enforcement setting.
As a way to gauge the number of times the captcha would be enforced, you could count the pla log event type code, which only triggers before login to determine the risk assessment but doesn’t actually enforce the captcha. With this information, you can determine how many times the captcha might be enforced if the setting is enabled.
If you decide to enable the auth challenge captcha later with Always as the setting, then you can be certain that the captcha is enforced on every login attempt.
Does that clarification help?
Thanks,
Rueben