@plamber
Created November 27, 2019 17:01
# import the Azure AD module
Import-Module AzureADPreview
# connect with an admin account that has the required privileges
Connect-AzureAD
# specify the policy name and Azure application name
$policyName = "yourPolicyName"
$applicationName = "yourApplicationName"
Write-Host "Create a new policy"
# the definition is an array holding one JSON string; durations are hh:mm:ss
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:10:00","MaxInactiveTime":"00:30:00","MaxAgeMultiFactor":"00:30:00","MaxAgeSingleFactor":"00:30:00"}}') -DisplayName $policyName -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
# Get the Azure AD application
$app = Get-AzureADApplication -Filter "DisplayName eq '$applicationName'"
# stop here rather than passing a null ObjectId to the next cmdlet
if (-not $app) { throw "Application '$applicationName' not found" }
Write-Host "Apply the new policy"
# link the policy to the application by object id
Add-AzureADApplicationPolicy -Id $app.ObjectId -RefObjectId $policy.Id
Write-Host "Get assigned policies..."
Get-AzureADApplicationPolicy -Id $app.ObjectId

plamber commented Apr 25, 2020

Hi,
at the time of writing we didn't notice any issues with this command. Not sure if we missed something during our tests. What I noticed, however, is that at that time it was important how you pass the parameters in the definition. In some cases, the changes didn't apply. Therefore, it makes sense to check your created policy definition once you have published it.

Based on this official documentation https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes you are also able to handle such use cases using the authentication session management capabilities in Azure AD Conditional Access. Maybe you should have a look into this too.

Just let me know what your findings were.

br,
Patrick
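The script above creates the policy but, as the comment notes, the definition string is easy to get subtly wrong and the result should be read back after publishing. The following is an added example (not part of the original gist or the AzureADPreview module) that builds the same definition with ConvertTo-Json instead of a hand-typed string, attaches it to the application, then reads the assigned policies back and compares every key. It assumes AzureADPreview is imported and Connect-AzureAD has already run; the function names New-TokenLifetimePolicyForApp and Test-TokenLifetimePolicy are mine, and it assumes the objects returned by Get-AzureADApplicationPolicy expose Type, DisplayName and a Definition list of JSON strings, which is how the module returned them when this gist was written. One caveat: Microsoft has since retired the refresh and session token properties in this definition (MaxInactiveTime, MaxAgeSingleFactor, MaxAgeMultiFactor) in favour of Conditional Access sign-in frequency, the feature the comment also points to, so on a current tenant the comparison that matters is AccessTokenLifetime.

```powershell
# Added example, not part of the original gist. Builds the TokenLifetimePolicy
# definition from an ordered hashtable, assigns it, and verifies it by reading
# the assigned policies back. Assumes Import-Module AzureADPreview and
# Connect-AzureAD have already run. Names below are placeholders, as in the gist.
$policyName      = "yourPolicyName"
$applicationName = "yourApplicationName"

# The values the gist sets; durations are "hh:mm:ss" strings.
$expected = [ordered]@{
    Version             = 1
    AccessTokenLifetime = "00:10:00"
    MaxInactiveTime     = "00:30:00"
    MaxAgeMultiFactor   = "00:30:00"
    MaxAgeSingleFactor  = "00:30:00"
}
# Let ConvertTo-Json produce the nested JSON so quoting and nesting cannot be mistyped.
$definition = @{ TokenLifetimePolicy = $expected } | ConvertTo-Json -Compress -Depth 3

# Hypothetical helper: look up the app, create the policy, link it, return the app ObjectId.
function New-TokenLifetimePolicyForApp {
    param([string]$AppName, [string]$Name, [string]$DefinitionJson)
    # Double any single quote so the display name cannot break the OData filter.
    $escaped = $AppName.Replace("'", "''")
    $app = Get-AzureADApplication -Filter "DisplayName eq '$escaped'"
    if (-not $app) { throw "Application '$AppName' not found" }
    $policy = New-AzureADPolicy -Definition @($DefinitionJson) -DisplayName $Name `
        -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
    Add-AzureADApplicationPolicy -Id $app.ObjectId -RefObjectId $policy.Id
    return $app.ObjectId
}

# Hypothetical helper: read back every TokenLifetimePolicy assigned to the app and
# compare each key of its definition against $Expected. Returns $true only if all match.
function Test-TokenLifetimePolicy {
    param([string]$AppObjectId, [System.Collections.IDictionary]$Expected)
    $assigned = @(Get-AzureADApplicationPolicy -Id $AppObjectId |
        Where-Object { $_.Type -eq "TokenLifetimePolicy" })
    if ($assigned.Count -eq 0) {
        Write-Warning "No TokenLifetimePolicy is assigned to $AppObjectId"
        return $false
    }
    $allMatch = $true
    foreach ($p in $assigned) {
        # Definition is a list of JSON strings; the gist writes exactly one element.
        $actual = ($p.Definition[0] | ConvertFrom-Json).TokenLifetimePolicy
        foreach ($key in $Expected.Keys) {
            $have = $actual.$key
            # Compare as strings so 1 and "1" (Version) do not produce a false mismatch.
            if ("$have" -ne "$($Expected[$key])") {
                Write-Warning "$($p.DisplayName): $key is '$have', expected '$($Expected[$key])'"
                $allMatch = $false
            }
        }
    }
    return $allMatch
}

$appObjectId = New-TokenLifetimePolicyForApp -AppName $applicationName -Name $policyName -DefinitionJson $definition
if (Test-TokenLifetimePolicy -AppObjectId $appObjectId -Expected $expected) {
    Write-Host "Policy '$policyName' is assigned and every value matches."
} else {
    Write-Host "Policy values differ from what was requested; inspect the warnings above."
}
```

Test-TokenLifetimePolicy can also be run on its own against an application that already has a policy, which makes it a cheap post-change check for a runbook: a mismatch is reported per key and per policy, so a stale second policy left on the app shows up rather than being masked by the new one.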
