Microsoft’s Azure AD Conditional Access Service Can Now Require Reauthentication
Microsoft has added reauthentication support to Azure AD Conditional Access. The company says that it's one of the features customers request most often, and they can now configure policies that require end users to reauthenticate.
Microsoft defines sign-in frequency as the time period before a user is required to log in again when accessing a particular resource. Currently, the user sign-in frequency is set to a “rolling window of 90 days” by default for Azure Active Directory (Azure AD) customers. The new Conditional Access reauthentication policies feature enables IT admins to change the sign-in frequency of applications that use the OAuth 2 or OIDC protocols.
An organization can require users to authenticate every time they access an app, but this setting is only appropriate for scenarios like user risk, session risk, and Microsoft Intune device enrollments. Microsoft believes that frequent sign-ins increase the risk of phishing attacks or credential theft and that they should only be required for “high-risk scenarios.”
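The following Python check is an added example, not code from Microsoft or the original article. It flags enabled policies that force reauthentication every time without being scoped to one of the scenarios named above. It assumes policies exported in the shape of the Microsoft Graph `conditionalAccessPolicy` resource; the Intune enrollment app ID is a placeholder, the sample policies are constructed, and the lint rule itself is this example's reading of the guidance.

```python
# Added example: lint Conditional Access policies that use "every time" sign-in frequency.
# Assumption: policies are dicts shaped like Microsoft Graph conditionalAccessPolicy objects.
INTUNE_ENROLLMENT_APP_ID = "<intune-enrollment-app-id>"  # placeholder, look it up in your tenant

def every_time_scope(policy, intune_app_id=INTUNE_ENROLLMENT_APP_ID):
    """Return None if the policy does not force reauthentication every time,
    otherwise the list of high-risk scenarios the policy is scoped to."""
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled") or sif.get("frequencyInterval") != "everyTime":
        return None
    cond = policy.get("conditions") or {}
    scenarios = []
    if cond.get("userRiskLevels"):
        scenarios.append("user risk")
    if cond.get("signInRiskLevels"):
        scenarios.append("sign-in (session) risk")
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if intune_app_id in apps:
        scenarios.append("Intune enrollment")
    return scenarios

def lint(policies):
    """Names of non-disabled policies that reauthenticate every time with no risk scoping."""
    return [p["displayName"] for p in policies
            if p.get("state") != "disabled" and every_time_scope(p) == []]

# Constructed sample policies (not real tenant data).
SAMPLE = [
    {"displayName": "Reauth on risky sign-in", "state": "enabled",
     "conditions": {"signInRiskLevels": ["high"],
                    "applications": {"includeApplications": ["All"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True,
                                             "frequencyInterval": "everyTime"}}},
    {"displayName": "Reauth everywhere, always", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True,
                                             "frequencyInterval": "everyTime"}}},
    {"displayName": "8-hour sessions", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "type": "hours", "value": 8,
                                             "frequencyInterval": "timeBased"}}},
]

if __name__ == "__main__":
    for name in lint(SAMPLE):
        print("every-time reauthentication without a risk condition:", name)
```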
“We’ve gotten a ton of feedback from customers who want extra protection during scenarios where people may have wandered away from their desks, lent their devices to their kids, or if a device became infected with token stealing malware,” said Ricky Pullan, PM for Intelligent Access Team. “With this new capability, you can explicitly re-verify identity, device, and any other Conditional Access conditions for high-risk scenarios.”
Microsoft to add Conditional Access reauthentication policies support for more scenarios
This capability is available for several Office 365 desktop and mobile apps. Additionally, it is supported on Office.com, Exchange Online, the Teams web client, OneDrive and SharePoint, OneNote Online, Dynamics CRM Online, Azure portal, and the Microsoft 365 Admin portal.
Microsoft will continue to listen to feedback about the Conditional Access reauthentication policies while the feature is in public preview. Meanwhile, it is also planning to add support for some new reauthentication scenarios such as PIM elevations and securing VPN access in the coming months.
Microsoft's Azure AD Conditional Access Service Can Now Require Reauthentication
May 13, 2022 | Rabia Noureen