Azure Active Directory Conditional Access Session Management Policies Now Commercially Available -- Redmondmag.com

Azure Active Directory Conditional Access Session Management Policies Now Commercially Available

By Kurt Mackie
05/29/2020

Microsoft announced on Friday that that ability to use the "authentication session management capabilities" of the Azure Active Directory Conditional Access service is now at the "generally available" commercial-release stage.

Organizations needing fine control over user access to applications might use these authentication session management capabilities. They can use them to set policies and control how often users need to sign into applications, and whether or not those sign-ins will persist after closing an app, for instance.

The commercial release of this feature comes soon after the preview stage, which was announced earlier this month. In the interval, Microsoft added support for reinforcing multifactor authentication when using authentication session management capabilities, a capability that was previously lacking.

The authentication session management capabilities of the Azure AD Conditional Access service will be replacing a similar feature for controlling access, called the "Configurable Token Lifetimes" capability.

Here's how Microsoft characterized that feature switch, according to this Configurable Token Lifetimes document:

After hearing from customers during the preview, we've implemented authentication session management capabilities in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency. After May 30, 2020 no new tenant will be able to use Configurable Token Lifetime policy to configure session and refresh tokens. The deprecation will happen within several months after that, which means that we will stop honoring existing session and refresh tokens polices. You can still configure access token lifetimes after the deprecation.

With the authentication session management capabilities, IT pros can set a time period for when users will be prompted to sign in again, ranging from 1 hour to 365 days. Sessions can be set to persist or to never persist. However, Microsoft advocates using its default configurations in most cases.

"For most deployments, the Azure AD default configuration for authentication session already provides the necessary security while balancing a productive user experience," stated Alex Simons, corporate vice president of program management for the Microsoft Identity Division, in the announcement.

It's possible to apply these policies to specific use cases, such as applying conditional access to "unmanaged or shared devices." Other criteria that could be used in policies include specifying the "sensitivity of a resource, user account privilege, authentication strength, device configuration, location" and more.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.