CA-07: Configure Session Controls

Frequently asked questions about implementing and managing the CA-07 security control in Microsoft 365 and Entra ID.

Q
What is CA-07 (Configure Session Controls)?
A

CA-07 is a security control that addresses long-lived sessions, which increase the window for session hijacking and token theft. Enforcing sign-in frequency limits how long a stolen session token remains valid. The control requires that sign-in frequency is enforced for admin sessions (8 hours) and for user sessions (24 hours), and that persistent browser sessions are controlled for sensitive scenarios.

Related controls: CA-07
Q
Why is Configure Session Controls important for Microsoft 365 security?
A

Long-lived sessions increase the window for session hijacking and token theft. Enforcing sign-in frequency limits how long a stolen session token remains valid.

Related controls: CA-07
Q
How do I implement CA-07 in my tenant?
A

TrueConfig provides one-click remediation for CA-07: it creates a Conditional Access (CA) policy with session controls in report-only mode.

Related controls: CA-07
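
As an added example (not TrueConfig's code and not part of the original page), the following Python audits Conditional Access policies in Microsoft Graph JSON shape against the CA-07 limits, and flags a policy left in report-only mode, because report-only policies are evaluated and logged but not enforced. The sample policies, the helper names, and the treatment of role-targeted policies as the admin scope are assumptions.

```python
# Added example: audit CA policies (Microsoft Graph JSON shape) against CA-07.
LIMITS = {"admin": 8, "user": 24}  # hours, as stated for CA-07 on this page

def frequency_hours(policy):
    """Enforced sign-in frequency in hours, or None when the control is off."""
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled") or sif.get("value") is None:
        return None
    return sif["value"] * (24 if sif.get("type") == "days" else 1)

def scope_of(policy):
    """Assumption: a policy that targets directory roles is the admin policy."""
    users = (policy.get("conditions") or {}).get("users") or {}
    return "admin" if users.get("includeRoles") else "user"

def audit(policies):
    """Return CA-07 findings as strings; an empty list means no gaps found."""
    findings, enforced = [], set()
    for p in policies:
        name, scope, hours = p["displayName"], scope_of(p), frequency_hours(p)
        if hours is None:
            continue  # policy has no sign-in frequency control to evaluate
        if p.get("state") != "enabled":
            findings.append(f"{name}: state {p.get('state')!r} is not enforced")
            continue
        enforced.add(scope)
        if hours > LIMITS[scope]:
            findings.append(f"{name}: {hours}h exceeds {scope} limit {LIMITS[scope]}h")
        pb = (p.get("sessionControls") or {}).get("persistentBrowser") or {}
        # Assumption: admin sign-ins are the "sensitive scenario" for CA-07.
        if scope == "admin" and not (pb.get("isEnabled") and pb.get("mode") == "never"):
            findings.append(f"{name}: persistent browser not set to 'never'")
    findings += [f"no enforced {s} sign-in frequency policy" for s in LIMITS if s not in enforced]
    return findings

def make_policy(name, state, users, value, unit, browser=None):
    """Build a constructed sample policy in Graph JSON shape."""
    session = {"signInFrequency": {"isEnabled": True, "type": unit, "value": value}}
    if browser:
        session["persistentBrowser"] = {"isEnabled": True, "mode": browser}
    return {"displayName": name, "state": state, "conditions": {"users": users}, "sessionControls": session}

# Constructed sample data; GA is the Global Administrator role template ID.
GA = "62e90394-69f5-4237-9190-012177145e10"
SAMPLE = [
    make_policy("CA-07 admins", "enabled", {"includeRoles": [GA]}, 8, "hours", "never"),
    make_policy("CA-07 users", "enabledForReportingButNotEnforced", {"includeUsers": ["All"]}, 24, "hours"),
]
print("\n".join(audit(SAMPLE)))
```

On the sample data the admin policy passes, while the user policy is reported as not enforced until its state is changed from report-only to enabled.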
Q
What license do I need for CA-07?
A

This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.

Related controls: CA-07
Q
Which security baseline includes CA-07?
A

CA-07 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.

Related controls: CA-07
