AAD joined Win10 device - cached credentials expiry

Trying to find a concrete answer on this, have searched Microsoft's documentation but couldn't find anything exact.

How long are the Windows logon credentials cached locally on a Windows 10 device which is AAD joined?

Scenario - device is powered down and not logged onto for a couple of months, user powers on device and is able to log in and access device providing it is not connected to a corporate network or the internet. Regardless of whether that user's account, AAD device or Intune device has been disabled or removed.

I think I read that the locally cached credentials never expire, but hoping for additional confirmation?

If it is indefinite by default, is there a CSP that can be configured much like the group policy which was available historically?

Thanks,
Chris Jacob
