New Governance Action in Office 365 Advanced Security Management Available

Published 06-26-2017 08:13 AM 6,267 Views

If you have looked at Advanced Security Management you understand the visibility and control it can provide when it detects activities that you might consider suspicious. When one of these alerts are triggered you have been able to suspend the users account automatically or as part of your investigation activity. We have heard from some organizations that they wanted other options. Today we are happy to introduce the option of requiring a user to sign-in again.


In case of a suspicious user behavior, which may or may not be a compromised account, the new action allows the admin to take an immediate action and ask the user to sign-in again. If the admin thinks the account is compromised this action is best done in combination with the suspend user option so it would lock the attacker out of the account and would force the refresh tokens and the session cookies (in the user’s browser) expire. For more details on how to configure polices that can require users to sign in again please review the documentation here.



1 Comment

Why don't you simply use the "revoke refresh tokens" notation as the action name, similar to how this functionality is referrenced to across the Azure AD documentation? Keep those actions coming! :)

Version history
Last update:
‎May 11 2021 01:54 PM
Updated by: