Merge pull request #233439 from rwike77/tokenlifetime

adding back configure token lifetimes article, removing portal reference article

Author: PMEds28

.openpublishing.redirection.active-directory.json

@@ -6,8 +6,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path_from_root": "/articles/active-directory/develop/configure-token-lifetimes.md",
-      "redirect_url": "/azure/active-directory/develop/active-directory-saml-claims-customization",
+      "source_path_from_root": "/articles/active-directory/develop/registration-config-change-token-lifetime-how-to.md",
+      "redirect_url": "/azure/active-directory/develop/configure-token-lifetimes",
       "redirect_document_id": false
     },
     {

articles/active-directory/develop/TOC.yml

@@ -140,7 +140,7 @@
             - name: Customize SAML claims
               href: active-directory-saml-claims-customization.md
             - name: Set an access token lifetime policy
-              href: registration-config-change-token-lifetime-how-to.md
+              href: configure-token-lifetimes.md
             - name: Directory extension attributes
               href: active-directory-schema-extensions.md
             - name: SAML app multi-instancing

articles/active-directory/develop/active-directory-configurable-token-lifetimes.md

@@ -9,10 +9,10 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/07/2023
+ms.date: 04/04/2023
 ms.author: ryanwi
 ms.custom: aaddev, identityplatformtop40, contperf-fy21q1
-ms.reviewer: ludwignick, sreyanthmora, marsma
+ms.reviewer: ludwignick, sreyanthmora
 ---
 # Configurable token lifetimes in the Microsoft identity platform (preview)
 
@@ -74,7 +74,7 @@ A token lifetime policy is a type of policy object that contains token lifetime
 
 Reducing the Access Token Lifetime property mitigates the risk of an access token or ID token being used by a malicious actor for an extended period of time. (These tokens cannot be revoked.) The trade-off is that performance is adversely affected, because the tokens have to be replaced more often.
 
-For an example, see [Create a policy for web sign-in](registration-config-change-token-lifetime-how-to.md).
+For an example, see [Create a policy for web sign-in](configure-token-lifetimes.md).
 
 Access, ID, and SAML2 token configuration are affected by the following properties and their respectively set values:
 

articles/active-directory/develop/configure-token-lifetimes.md

@@ -0,0 +1,79 @@
+---
+title: Set lifetimes for tokens
+description: Learn how to set lifetimes for access tokens issued by Microsoft identity platform. 
+services: active-directory
+author: rwike77
+manager: CelesteDG
+
+ms.service: active-directory
+ms.subservice: develop
+ms.workload: identity
+ms.topic: how-to
+ms.date: 04/04/2023
+ms.author: ryanwi
+ms.custom: identityplatformtop40, contperf-fy21q2, engagement-fy23
+ms.reviewer: ludwignick
+---
+# Configure token lifetime policies (preview)
+
+In the following steps, you'll implement a common policy scenario that imposes new rules for token lifetime. It's possible to specify the lifetime of an access, SAML, or ID token issued by the Microsoft identity platform. This can be set for all apps in your organization or for a specific service principal. They can also be set for multi-organizations (multi-tenant application). 
+
+For more information, see [configurable token lifetimes](active-directory-configurable-token-lifetimes.md).
+
+## Get started
+
+To get started, download the latest [Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation).
+
+## Create a policy for web sign-in
+
+In the following steps, you'll create a policy that requires users to authenticate less frequently in your web app. This policy sets the lifetime of the access/ID tokens for your web app.
+
+```powershell
+Connect-MgGraph -Scopes  "Policy.ReadWrite.ApplicationConfiguration"
+
+# Create a token lifetime policy
+$params = @{
+	Definition = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"4:00:00"}}') 
+    DisplayName = "WebPolicyScenario"
+	IsOrganizationDefault = $false
+}
+$tokenLifetimePolicyId=(New-MgPolicyTokenLifetimePolicy -BodyParameter $params).Id
+
+# Display the policy
+Get-MgPolicyTokenLifetimePolicy -TokenLifetimePolicyId $tokenLifetimePolicyId
+
+# Assign the token lifetime policy to an app
+$params = @{
+	"@odata.id" = "https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies/$tokenLifetimePolicyId"
+}
+
+$applicationObjectId="11111111-1111-1111-1111-111111111111"
+
+New-MgApplicationTokenLifetimePolicyByRef -ApplicationId $applicationObjectId -BodyParameter $params
+
+# List the token lifetime policy on the app
+Get-MgApplicationTokenLifetimePolicy -ApplicationId $applicationObjectId
+
+# Remove the policy from the app
+Remove-MgApplicationTokenLifetimePolicyByRef -ApplicationId $applicationObjectId -TokenLifetimePolicyId $tokenLifetimePolicyId
+
+# Delete the policy
+Remove-MgPolicyTokenLifetimePolicy -TokenLifetimePolicyId $tokenLifetimePolicyId
+```
+
+## View existing policies in a tenant
+
+To see all policies that have been created in your organization, run the [Get-MgPolicyTokenLifetimePolicy](/powershell/module/microsoft.graph.identity.signins/get-mgpolicytokenlifetimepolicy) cmdlet.  Any results with defined property values that differ from the defaults listed above are in scope of the retirement.
+
+```powershell
+Get-MgPolicyTokenLifetimePolicy
+```
+
+To see which apps are linked to a specific policy that you identified, run [List appliesTo](/graph/api/tokenlifetimepolicy-list-appliesto) with any of your policy IDs. 
+
+```powershell
+GET https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies/4d2f137b-e8a9-46da-a5c3-cc85b2b840a4/appliesTo
+```
+
+## Next steps
+Learn about [authentication session management capabilities](../conditional-access/howto-conditional-access-session-lifetime.md) in Azure AD Conditional Access.