Overview
Session reauthentication makes users periodically prove their identity again, which limits how long a stolen token or an unattended signed-in browser remains usable. In Microsoft Entra ID (formerly Azure AD), this is configured through the session controls of a Conditional Access policy: sign-in frequency and persistent browser session.
Steps to Configure Session Reauthentication
1. Sign in to Microsoft Entra Admin Center
- Go to Microsoft Entra Admin Center.
- Sign in with Conditional Access Administrator or higher privileges.
2. Create a New Conditional Access Policy
- Navigate to:
- Name the policy (e.g., Require Reauthentication Every 8 Hours).
3. Assign Users and Apps
- Users: Select All users or a specific group.
- Exclude: Add break-glass accounts to prevent lockout.
- Cloud apps: Choose All cloud apps or specific apps.
4. Configure Session Controls
- Under Access controls → Session:
- Sign-in frequency: Set the desired interval (e.g., 8 hours). The value is expressed in hours or days; the interval is measured from the user's last interactive sign-in, so users are prompted again once that time has elapsed.
- Persistent browser session: Set to Never persistent to prevent long-lived sessions. This also suppresses the "Stay signed in?" prompt for users in scope of the policy.
5. Enable and Test
- Start in Report-only mode to monitor impact: review the sign-in logs for the policy's report-only results before enforcing it.
- Switch to On after validation.
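The same policy as the five steps above, created with Microsoft Graph PowerShell and read back to confirm what was stored. This is an added example, not code from the original article or from Microsoft; it assumes the Microsoft.Graph.Identity.SignIns module is installed, and the break-glass group object ID is a placeholder you must replace with your own.

```powershell
# Added example (not part of the original article): creates the reauthentication
# policy from steps 1-5 with Microsoft Graph PowerShell and verifies the result.
# Assumptions: Microsoft.Graph.Identity.SignIns is installed; $breakGlassGroupId
# below is a placeholder and must be replaced with your break-glass group's object ID.
Import-Module Microsoft.Graph.Identity.SignIns

# Step 1: sign in with an account holding Conditional Access Administrator (or higher).
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder, replace

$policy = @{
    # Step 2: policy name.
    displayName = "Require Reauthentication Every 8 Hours"
    # Step 5: start in report-only; change to "enabled" only after validation.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        # Step 3: all users, excluding the break-glass group to avoid lockout.
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        # Step 3: all cloud apps.
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    # Step 4: session controls.
    sessionControls = @{
        signInFrequency = @{
            isEnabled          = $true
            type               = "hours"
            value              = 8
            frequencyInterval  = "timeBased"
            authenticationType = "primaryAndSecondaryAuthentication"
        }
        persistentBrowser = @{
            isEnabled = $true
            mode      = "never"
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back: check what the service stored, not just what was sent.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
[pscustomobject]@{
    Name              = $check.DisplayName
    State             = $check.State
    SignInFrequency   = "$($check.SessionControls.SignInFrequency.Value) $($check.SessionControls.SignInFrequency.Type)"
    PersistentBrowser = $check.SessionControls.PersistentBrowser.Mode
    ExcludedGroups    = ($check.Conditions.Users.ExcludeGroups -join ",")
}

# Step 5, after validation in the sign-in logs: enforce the policy.
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -State "enabled"
```

Leave the final `Update-MgIdentityConditionalAccessPolicy` line commented out until the report-only results look right; the read-back object is the check that the exclusion group and both session controls landed as intended.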
Best Practices
- Use shorter sign-in frequencies (or the Every time option) for sensitive apps and privileged roles, scoped in a separate policy rather than tightening the tenant-wide one.
- Combine with MFA: sign-in frequency forces a fresh interactive sign-in, so pairing it with a Require multifactor authentication grant control means the second factor is re-proven at each interval, not just the password.
- Avoid overly aggressive settings that disrupt user productivity; constant prompts also train users to approve MFA requests reflexively.