Azure-docs: What will happen for existing configured token lifetime policy after May 1st

Created on 3 Mar 2020 · 7Comments · Source: MicrosoftDocs/azure-docs

We didn't find any statement in this article what will happen for existing configured token lifetime policy after May 1st. Do customer need to remove them manually, or Microsoft will help remove them automatically?
If customers configured both token lifetime policy and CA sign-in frequency policy, will there be any risk causes conflict any that time?

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 02ff3d62-dc0e-ad0c-f5ae-418337cf31e4
Version Independent ID: d50952b5-6b98-c40d-d3a3-f9cbec58dd28
Content: Configurable Azure AD token lifetimes - Microsoft identity platform
Content Source: articles/active-directory/develop/active-directory-configurable-token-lifetimes.md
Service: active-directory
Sub-service: develop
GitHub Login: @rwike77
Microsoft Alias: ryanwi

Pri1 active-directorsvc awaiting-product-team-response cxp develosubsvc product-question triaged

Source

JimmyLS

All 7 comments

@JimmyLS
Thanks for your feedback! We will investigate and update as appropriate.

MarileeTurscak-MSFT on 3 Mar 2020

Thanks for this question! I believe they'll just stop working and you'll need to remove them, but I've reached out to the product team to confirm as I'm not certain how that will work and we will get back with that information shortly.

In the future it is recommended to use conditional access policies instead.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

MarileeTurscak-MSFT on 5 Mar 2020

Partial answer - access token policies should keep working without any conflict. About the refresh token lifetime - currently conditional access won't allow you to configure sign in frequency and token lifetime policies at the same time for a given user or app. I'm waiting for an answer regarding the need to remove old policies or if they will get automatically removed, replaced, or upgraded.

MarileeTurscak-MSFT on 25 Mar 2020

👍1

Partial answer - access token policies should keep working without any conflict. About the refresh token lifetime - currently conditional access won't allow you to configure sign in frequency and token lifetime policies at the same time for a given user or app. I'm waiting for an answer regarding the need to remove old policies or if they will get automatically removed, replaced, or upgraded.

Can we have an answer now? Today is April 14th, we need to know an answer before May 1st how to deal with the existing policies to avoid any impact!

Thanks.

JimmyLS on 14 Apr 2020

👍1

Same question here. We need the answer to avoid the impact during this transition.
Thank you for your help.

stevenli510 on 14 Apr 2020

I've bubbled this up several times and got a response - no information yet on what will happen to the existing policies, but they've extended the deadline to May 30th to add a bit more time.

Users will still be able to modify access token policies, but not session and refresh tokens.

MarileeTurscak-MSFT on 22 Apr 2020

PG response on token lifetime issue - They should be ignored automatically.

Also, existing policies will be honored until 6/30.

Hope this helps!

I will close this out now but feel free to send me an email at [email protected] if you have further questions.

MarileeTurscak-MSFT on 23 Apr 2020

Was this page helpful?

0 / 5 - 0 ratings