If you have looked at Advanced Security Management you understand the visibility and control it can provide when it detects activities that you might consider suspicious. When one of these alerts are triggered you have been able to suspend the users account automatically or as part of your investigation activity. We have heard from some organizations that they wanted other options. Today we are happy to introduce the option of requiring a user to sign-in again.
In case of a suspicious user behavior, which may or may not be a compromised account, the new action allows the admin to take an immediate action and ask the user to sign-in again. If the admin thinks the account is compromised this action is best done in combination with the suspend user option so it would lock the attacker out of the account and would force the refresh tokens and the session cookies (in the user’s browser) expire. For more details on how to configure polices that can require users to sign in again please review the documentation here.