The problem is simple, but the answer is complex: what balance can be found between user experience and session lifetime? How long are my users logged in? How much flexibility do I have to revoke a compromised user’s access?

The security answer is obviously: “you have to set the shortest possible duration” (it is not uncommon to want to set a day or even a few hours).

On the other hand, the user experience could be so poor that it would paradoxically lead to a decrease in security.

The two direct consequences are that users authenticate without thinking (risk of phishing) or use weak passwords.

In order to control the lifetime of user sessions and to manage the associated risks, Microsoft offers several options:

Option 1: “Keep me signed-in” deactivation.
Option 2: Conditional Access Policy with “sign-in frequency” and “persistence”.
Option 3: Continuous Access Evaluation (preview).
Option 4: Configuration of access token lifetime (preview).

To go further: Resilience defaults (preview).