AdrianC-7801 asked azure-cxp-api edited

Change Office 365 Refresh Token Lifetime

Hi,
The organization I work for right now wants to reduce the refresh token lifetime for our Office 365 products from 90 days (which is the default) to 3 days as a security measure. Based on Microsoft's docs, we need to have at least an Azure AD Premium P1 license, and we are OK with that since we are on P2.

I have configured a new Conditional Access policy (Sign in frequency option) and applied it to my corporate email account, to refresh the token every day, just as a test thing. It works, since every day I get the authentication box pop-up, but when looking at the token it does not reset.

Just one mention here is that we are using federation with Okta.

Any ideas?

azure-ad-saml-sso

Hi @AdrianC-7801 , just to verify, did you follow the steps on this page? I want to make sure you went through all the appropriate steps in order to narrow down where the issue is.

Best,
James


0 Votes 0 ·

Hi James,
No, I did not configure it using the commands in that article. I was thinking this can be done from the GUI, but it looks like that is just asking the user to re-authenticate every x hours or days and it does not reset the refresh token.

Do you know if the PowerShell line from the article can be filtered per user, or if it can only be applied per organization/tenant?

Thanks,
Adrian

0 Votes 0 ·

0 Answers