All, I'm a complete PowerShell newb... I need help setting the Access and Refresh tokens to minimums for development testing. I know there's a premium UI in AzureAD that's $9/user but I don't have approval for that. So here's what I've learned so far (and I'm hoping y'all can fill in the blanks).
1) After authing my ISE/PowerShell window to Azure AD using Connect-AzureAD, I have to create the policy.
2) I create the policy using something similar to this:
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"0.00:35:00","MaxAgeSingleFactor":"00.00:10:00"}}') -DisplayName "AccessTokenPolicies" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
3) I know that I can change it using Set-AzureADPolicy.
So far it's not working. I'm not seeing the refresh token expiration. So my questions are this:
1) What does the version have to do with? Is it the version of the Azure API we're using for auth? Is it important?
2) Do I need to set -IsOrganizationDefault to $True for it to take?
3) I know I left out some other Token configurations from the definition. Do I need to leave those in?
4) Is it necessary to assign the policy to service principal or native app?
Here's the documentation I've been reading through so far:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes
TIA
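The steps listed in the post, followed by the service principal assignment that question 4 asks about, as an added example that is not part of the original post. It assumes the AzureADPreview module is installed; "MyDevApp" is a placeholder app name, and the lifetime values are the ones from the post.

```powershell
# Added example, not the poster's code. Assumes the AzureADPreview module.
# "MyDevApp" is a placeholder display name for the app under test.
Import-Module AzureADPreview
Connect-AzureAD

$appName = "MyDevApp"

# Build the definition as an object so the JSON is always well formed.
$lifetimes = [ordered]@{
    Version             = 1
    AccessTokenLifetime = "0.00:35:00"    # value from the post
    MaxAgeSingleFactor  = "00.00:10:00"   # value from the post
}

# Fail early if a lifetime is not a parseable time span.
# "until-revoked" is the documented non-timespan value for the MaxAge settings.
foreach ($key in $lifetimes.Keys | Where-Object { $_ -ne "Version" }) {
    $value = $lifetimes[$key]
    if ($value -ne "until-revoked") {
        $parsed = [TimeSpan]::Zero
        if (-not [TimeSpan]::TryParse($value, [ref]$parsed)) {
            throw "$key has an invalid time span: $value"
        }
        Write-Host "$key = $parsed"
    }
}

$definition = @{ TokenLifetimePolicy = $lifetimes } | ConvertTo-Json -Compress

# Resolve the target before creating anything, so a typo in the name
# does not leave an unassigned policy behind.
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$appName'"
if (-not $sp) { throw "No service principal named $appName" }

$policy = New-AzureADPolicy -Definition @($definition) `
    -DisplayName "AccessTokenPolicies" `
    -IsOrganizationDefault $false `
    -Type "TokenLifetimePolicy"

# A policy created with -IsOrganizationDefault $false applies to nothing
# until it is linked to an object such as this service principal.
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# Confirm what is actually attached to the service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Select-Object DisplayName, Id, Type
```

Tokens issued before the assignment keep the lifetime they were issued with, so sign in again before checking the result.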