
Azure Active Directory Conditional Access Session Management Policies Now Commercially Available

Microsoft announced on Friday that the ability to use the "authentication session management capabilities" of the Azure Active Directory Conditional Access service is now at the "generally available" commercial-release stage.

Organizations needing fine control over user access to applications might use these authentication session management capabilities. They can use them to set policies and control how often users need to sign into applications, and whether or not those sign-ins will persist after closing an app, for instance.

The commercial release of this feature comes soon after the preview stage, which was announced earlier this month. In the interval, Microsoft added support for reinforcing multifactor authentication when using authentication session management capabilities, a capability that was previously lacking.

The authentication session management capabilities of the Azure AD Conditional Access service will be replacing a similar feature for controlling access, called the "Configurable Token Lifetimes" capability.

Here's how Microsoft characterized that feature switch, according to this Configurable Token Lifetimes document:

"After hearing from customers during the preview, we've implemented authentication session management capabilities in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency. After May 30, 2020 no new tenant will be able to use Configurable Token Lifetime policy to configure session and refresh tokens. The deprecation will happen within several months after that, which means that we will stop honoring existing session and refresh tokens policies. You can still configure access token lifetimes after the deprecation."

With the authentication session management capabilities, IT pros can set a time period for when users will be prompted to sign in again, ranging from 1 hour to 365 days. Sessions can be set to persist or to never persist. However, Microsoft advocates using its default configurations in most cases.

"For most deployments, the Azure AD default configuration for authentication session already provides the necessary security while balancing a productive user experience," stated Alex Simons, corporate vice president of program management for the Microsoft Identity Division, in the announcement.

It's possible to apply these policies to specific use cases, such as applying conditional access to "unmanaged or shared devices." Other criteria that could be used in policies include specifying the "sensitivity of a resource, user account privilege, authentication strength, device configuration, location" and more.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
