First published on CloudBlogs on Aug 31, 2017
Howdy folks,
I'm happy to share that as part of our efforts to eliminate unnecessary sign-in prompts while maintaining high levels ...
I want to review the Token Lifetime policies with respect to setting up a service account for Power Automates. After reading https://support.microsoft.com/en-us/topic/recommendations-for-conditional-access-and-multi-factor-authentication-in-microsoft-flow-15e7e8bc-1106-2e89-899b-7c292fbf1736, I am more confused. Hence, I have these questions:
1) Do we avoid checking the Remember Multifactor Authentication in Office 365?
2) If 1), then do we have to set the token lifetime via AD Policy, or do we simply set up MFA via Security->Conditional Access in Azure AD and use the defaults listed under Recommended token lifetime settings after MFA is enabled in the above article?
On my dev tenant I tried to configure the policy but didn't get very far.
Install-Module AzureADPreview
Connect-AzureAD
# does return anything
Get-AzureADPolicy
# my attempt to set up a policy
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxAgeMultiFactor":"until-revoked","MaxAgeSessionMultiFactor":"14.00:00:00"}}') -DisplayName "DefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: Configure Token Lifetime for RT/ST (Refresh/Session Token) is retired and all policies will not be honored
anymore Refer https://go.microsoft.com/fwlink/?linkid=2153669 for more information
InnerError:
RequestId: 681e3985-3890-4734-8d5a-49a4aa8c0591
DateTimeStamp: Fri, 10 Dec 2021 14:05:59 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:2
+ New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.New
Policy