Microsoft’s Azure AD Conditional Access Service Can Now Require Reauthentication


Microsoft has added reauthentication support in Azure AD Conditional Access. The company says that it’s one of the top-requested features from customers, who will now be able to configure policies that require end-users to reauthenticate.

Microsoft defines sign-in frequency as the time period before a user is required to log in again when accessing a particular resource. Currently, the user sign-in frequency is set to a “rolling window of 90 days” by default for Azure Active Directory (Azure AD) customers. The new Conditional Access reauthentication policies feature enables IT admins to change the sign-in frequency of applications that use the OAuth 2 or OIDC protocols.

An organization can require users to authenticate every time they access an app, but this setting is only appropriate for scenarios like user risk, session risk, and Microsoft Intune device enrollments. Microsoft believes that frequent sign-ins increase the risk of phishing attacks or credential theft, so reauthentication on every access should only be required for “high-risk scenarios.”
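One way to check exported policies against this guidance, as an added example that is not from Microsoft or the original article. It assumes policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape (the field names come from that schema, not from this page); the enrollment app ID and the sample policies are constructed placeholders.

```python
"""Classify Conditional Access policies by their sign-in frequency setting."""

# Constructed placeholder; substitute the Intune enrollment app ID used in your tenant.
ENROLLMENT_APP_IDS = {"00000000-0000-0000-0000-0000000000e1"}


def classify(policy, enrollment_app_ids=ENROLLMENT_APP_IDS):
    """Return (policy name, verdict) for one policy dict (Graph-style field names assumed)."""
    name = policy.get("displayName", "<unnamed>")
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled"):
        return name, "default"  # no override, so the default rolling window applies
    if sif.get("frequencyInterval") == "everyTime":
        cond = policy.get("conditions") or {}
        apps = set((cond.get("applications") or {}).get("includeApplications") or [])
        risk_scoped = bool(cond.get("userRiskLevels") or cond.get("signInRiskLevels"))
        if risk_scoped or apps & set(enrollment_app_ids):
            return name, "every-time (high-risk scope)"
        # Every-time prompts on ordinary access train users to enter credentials often.
        return name, "every-time (REVIEW: no risk or enrollment scope)"
    unit_hours = {"hours": 1, "days": 24}.get(sif.get("type"))
    value = sif.get("value")
    if unit_hours is None or not isinstance(value, int) or value <= 0:
        return name, "invalid (REVIEW: bad value or unit)"
    return name, f"time-based ({value * unit_hours}h)"


def audit(policies):
    """Classify every policy in an exported list."""
    return [classify(p) for p in policies]


# Constructed sample policies, not taken from any real tenant.
SAMPLE = [
    {"displayName": "Baseline MFA", "conditions": {}, "sessionControls": None},
    {"displayName": "Admin portals 4h", "conditions": {},
     "sessionControls": {"signInFrequency": {
         "isEnabled": True, "frequencyInterval": "timeBased", "type": "hours", "value": 4}}},
    {"displayName": "Risky sign-in reauth", "conditions": {"signInRiskLevels": ["high"]},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "frequencyInterval": "everyTime"}}},
    {"displayName": "All apps every time",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "frequencyInterval": "everyTime"}}},
]

if __name__ == "__main__":
    for policy_name, verdict in audit(SAMPLE):
        print(f"{policy_name}: {verdict}")
```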

“We’ve gotten a ton of feedback from customers who want extra protection during scenarios where people may have wandered away from their desks, lent their devices to their kids, or if a device became infected with token stealing malware,” said Ricky Pullan, PM for Intelligent Access Team. “With this new capability, you can explicitly re-verify identity, device, and any other Conditional Access conditions for high-risk scenarios.”


Microsoft to add Conditional Access reauthentication policies support for more scenarios

This capability is available for several Office 365 desktop and mobile apps. Additionally, it is supported on Office.com, Exchange Online, the Teams web client, OneDrive and SharePoint, OneNote Online, Dynamics CRM Online, Azure portal, and the Microsoft 365 Admin portal.

Microsoft will continue to listen to feedback about the Conditional Access reauthentication policies while the feature is in public preview. Meanwhile, it is also planning to add support for some new reauthentication scenarios such as PIM elevations and securing VPN access in the coming months.