CA-07 | Medium | Enhanced Security
Configure Session Controls
Conditional Access control for Microsoft 365 and Entra ID
Why This Control Matters
Long-lived sessions increase the window for session hijacking and token theft. Enforcing sign-in frequency limits how long a stolen session token remains valid.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. Sign-in frequency is enforced for admin sessions (8 hours)
2. Sign-in frequency is enforced for user sessions (24 hours)
3. Persistent browser sessions are controlled for sensitive scenarios
Enforcement
Default Mode: Advisory
Alerts on deviations but does not make changes
Auto-Remediation: Available
Creates CA policy with session controls in report-only mode
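One way to check the Expected State criteria against policy data, as an added example and not TrueConfig's own logic. It evaluates constructed policy objects shaped like Microsoft Graph `conditionalAccessPolicy` records and assumes that role-targeted policies cover admin sessions, "All users" policies cover user sessions, and a report-only policy does not count as enforced.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects
# (GET /identity/conditionalAccess/policies); not real tenant data.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template ID
SAMPLE = [
    {"displayName": "Admins - 8h sign-in frequency", "state": "enabled",
     "conditions": {"users": {"includeUsers": [], "includeRoles": [GLOBAL_ADMIN]}},
     "sessionControls": {
         "signInFrequency": {"isEnabled": True, "type": "hours", "value": 8},
         "persistentBrowser": {"isEnabled": True, "mode": "never"}}},
    {"displayName": "Users - 1 day sign-in frequency",
     "state": "enabledForReportingButNotEnforced",  # report-only
     "conditions": {"users": {"includeUsers": ["All"], "includeRoles": []}},
     "sessionControls": {
         "signInFrequency": {"isEnabled": True, "type": "days", "value": 1},
         "persistentBrowser": None}},
]
ADMIN_MAX_HOURS, USER_MAX_HOURS = 8, 24  # thresholds from the Expected State list

def enforced_hours(policy):
    """Sign-in frequency in hours that the policy enforces, or None if it enforces none."""
    if policy.get("state") != "enabled":  # report-only and disabled policies enforce nothing
        return None
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled"):
        return None
    if sif.get("frequencyInterval") == "everyTime":  # reauthenticate on every sign-in
        return 0
    if sif.get("value") is None:
        return None
    return sif["value"] * 24 if sif.get("type") == "days" else sif["value"]

def evaluate(policies):
    """Map each Expected State criterion to True/False (scoping rules are assumptions)."""
    result = {"admin_frequency": False, "user_frequency": False, "persistent_browser": False}
    for p in policies:
        users = (p.get("conditions") or {}).get("users") or {}
        hours = enforced_hours(p)
        if hours is not None:
            # Assumption: role-targeted policy = admin sessions, "All" users = user sessions.
            if users.get("includeRoles") and hours <= ADMIN_MAX_HOURS:
                result["admin_frequency"] = True
            if "All" in (users.get("includeUsers") or []) and hours <= USER_MAX_HOURS:
                result["user_frequency"] = True
        pb = (p.get("sessionControls") or {}).get("persistentBrowser") or {}
        # Assumption: "controlled" means an enforced policy that disables persistence.
        if p.get("state") == "enabled" and pb.get("isEnabled") and pb.get("mode") == "never":
            result["persistent_browser"] = True
    return result
```

On the constructed sample the user criterion fails because the 24-hour policy is still in report-only mode; it passes only once that policy's state is `enabled`.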
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.