Skip to content

Commit 3bac7ff

Browse files
elijaholaelijahola
authored
FIxed links to be relative
1 parent b17bbf7 commit 3bac7ff

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ Sign-in frequency previously applied to only to the first factor authentication
5858

5959
### User sign-in frequency and device identities
6060

61-
On Azure AD joined and hybrid Azure AD joined devices, unlocking the device, or signing in interactively will only refresh the Primary Refresh Token (PRT) every 4 hours. The last refresh timestamp recorded for PRT compared with the current timestamp must be within the time allotted in SIF policy for PRT to satisfy SIF and grant access to a PRT that has an existing MFA claim. On [Azure AD registered devices](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-register), unlock/sign-in would not satisfy the SIF policy because the user is not accessing an Azure AD registered device via an Azure AD account. However, the [Azure AD](https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-acquire-token-wam) WAM plugin can refresh a PRT during native application authentication using WAM.
61+
On Azure AD joined and hybrid Azure AD joined devices, unlocking the device, or signing in interactively will only refresh the Primary Refresh Token (PRT) every 4 hours. The last refresh timestamp recorded for PRT compared with the current timestamp must be within the time allotted in SIF policy for PRT to satisfy SIF and grant access to a PRT that has an existing MFA claim. On [Azure AD registered devices](/active-directory/devices/concept-azure-ad-register), unlock/sign-in would not satisfy the SIF policy because the user is not accessing an Azure AD registered device via an Azure AD account. However, the [Azure AD WAM](/azure/active-directory/develop/scenario-desktop-acquire-token-wam) plugin can refresh a PRT during native application authentication using WAM.
6262

6363
Note: The timestamp captured from user log-in is not necessarily the same as the last recorded timestamp of PRT refresh because of the 4-hour refresh cycle. The case when it is the same is when a PRT has expired and a user log-in refreshes it for 4 hours. In the following examples, assume SIF policy is set to 1 hour and PRT is refreshed at 00:00.
6464

0 commit comments

Comments
 (0)