

Azure Active Directory (Azure AD) has multiple settings that determine how often users need to reauthenticate. This reauthentication could be with a first factor such as password, FIDO, or passwordless Microsoft Authenticator, or to perform multifactor authentication (MFA). You can configure these reauthentication settings as needed for your own environment and the user experience you want.

The Azure AD default configuration for user sign-in frequency is a rolling window of 90 days. Asking users for credentials often seems like a sensible thing to do, but it can backfire. If users are trained to enter their credentials without thinking, they can unintentionally supply them to a malicious credential prompt.

It might sound alarming to not ask for a user to sign back in, though any violation of IT policies revokes the session. Some examples include a password change, an incompliant device, or an account disable operation. You can also explicitly revoke users' sessions using PowerShell.

This article details recommended configurations and how different settings work and interact with each other.

To give your users the right balance of security and ease of use by asking them to sign in at the right frequency, we recommend the following configurations:

Enable single sign-on (SSO) across applications using managed devices or Seamless SSO.

If reauthentication is required, use a Conditional Access sign-in frequency policy.
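One way to create the Conditional Access sign-in frequency policy recommended above, using the Microsoft Graph PowerShell SDK. This is an added example, not code from the original article. The pilot group ID is a placeholder, and the 12-hour interval and the report-only starting state are assumptions chosen for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns

# Placeholder: object ID of a pilot group (not from the article).
$TargetGroupId  = '00000000-0000-0000-0000-000000000000'
# Assumption: the reauthentication interval; pick the value your risk review supports.
$FrequencyHours = 12

# Refuse to run with the placeholder so the policy is never scoped by accident.
if ($TargetGroupId -eq '00000000-0000-0000-0000-000000000000') {
    throw 'Set $TargetGroupId to the object ID of your pilot group first.'
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All'

$policy = @{
    displayName = "Sign-in frequency: $FrequencyHours hours (pilot)"
    # Report-only: the policy is evaluated and logged but not enforced,
    # so its effect on prompts can be reviewed before rollout.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($TargetGroupId) }
        applications   = @{ includeApplications = @('All') }
    }
    sessionControls = @{
        signInFrequency = @{
            isEnabled = $true
            type      = 'hours'          # 'hours' or 'days'
            value     = $FrequencyHours
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm the session control was stored as intended.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$sif   = $check.SessionControls.SignInFrequency
if (-not $sif.IsEnabled -or $sif.Type -ne 'hours' -or $sif.Value -ne $FrequencyHours) {
    throw "Policy $($created.Id) does not carry the expected sign-in frequency."
}
"Created '$($check.DisplayName)' in state $($check.State)"
```

After reviewing the report-only results, the same policy can be enforced by updating its `state` to `enabled`.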
