question

KamranBashir-9687 asked ·

Token Lifetime policy is not working

After the 15-minute inactive session timeout, it does not ask the user to reauthenticate.

detail here...

Created a new token policy:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes


```powershell
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{
    "Version":1,
    "MaxInactiveTime":"00:15:00",
    "MaxAgeSessionSingleFactor":"08:00:00",
    "MaxAgeSessionMultiFactor":"08:00:00"
}}') -DisplayName "TokenLifetimeDefaultPolicy" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"
```



![alt text][1]
[1]: /answers/storage/attachments/492-signinpolicyv1.jpg

Github page:
https://github.com/MicrosoftDocs/azure-docs/issues/43080


azure-active-directory

1 Answer

FrankHuMSFT-3200 answered ·

Please consider this example: If you apply the policy to the MS Graph, all the tokens for it would be ruled by the policy. So, any app that requests a token for the MS Graph resource will be affected.

So the token lifetime policy is not based on the AAD app registration that is being used to request the resource, but it applies to the resource you're trying to access. So the resource needs to have the token lifetime policy, not the AAD app registration that has the permissions.

The only way to apply the policy to the app instead is if you request a token with permissions to the AAD Application Registration.

Additionally, please avoid using token lifetime policies. These will be deprecated some time in the future; please use Conditional Access policies instead:



https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
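
The scoping described in the answer can be checked with a read-only script like the one below. It is an added example, not part of the original answer or of Microsoft's documentation. It assumes the AzureADPreview module is loaded and `Connect-AzureAD` has already been run; `$ResourceName` is a placeholder for the display name of the resource's service principal.

```powershell
# Added example: read-only check of where token lifetime policies are scoped.
# Assumes the AzureADPreview module is loaded and Connect-AzureAD has been run.
param(
    # Placeholder: display name of the resource's service principal.
    [string]$ResourceName = '<resource display name>'
)

# 1. List every TokenLifetimePolicy in the tenant with its parsed settings,
#    including whether it is flagged as the organization default.
$policies = Get-AzureADPolicy | Where-Object { $_.Type -eq 'TokenLifetimePolicy' }
$policies | ForEach-Object {
    # Definition is a list of JSON strings; the first entry holds the policy body.
    $def = ($_.Definition[0] | ConvertFrom-Json).TokenLifetimePolicy
    [pscustomobject]@{
        DisplayName               = $_.DisplayName
        Id                        = $_.Id
        IsOrganizationDefault     = $_.IsOrganizationDefault
        MaxInactiveTime           = $def.MaxInactiveTime
        MaxAgeSessionSingleFactor = $def.MaxAgeSessionSingleFactor
        MaxAgeSessionMultiFactor  = $def.MaxAgeSessionMultiFactor
    }
} | Format-Table -AutoSize

# 2. Look up the service principal of the resource the tokens are requested for.
$resources = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$ResourceName'")
if ($resources.Count -eq 0) {
    Write-Warning "No service principal found with display name '$ResourceName'."
    return
}

# 3. Show which token lifetime policies are assigned directly to that resource.
foreach ($sp in $resources) {
    $assigned = @(Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
        Where-Object { $_.Type -eq 'TokenLifetimePolicy' })
    if ($assigned.Count -gt 0) {
        $assigned | Select-Object @{ n = 'Resource'; e = { $sp.DisplayName } },
            DisplayName, Id, IsOrganizationDefault | Format-Table -AutoSize
    }
    else {
        Write-Output ("No TokenLifetimePolicy is assigned directly to '{0}' ({1})." -f
            $sp.DisplayName, $sp.ObjectId)
    }
}
```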
