Azure Active Directory中的可配置令牌生存期 [英] Configurable token lifetimes in Azure Active Directory

问题描述

我无法从PowerShell分配TokenLifetimePolicy Azure AD应用程序策略.我遇到错误BadRequest:Message: Open navigation properties are not supported on OpenTypes.Property name: 'policies

I could not assign TokenLifetimePolicy Azure AD application policy from PowerShell. I had an error BadRequest : Message: Open navigation properties are not supported on OpenTypes.Property name: 'policies

我正在尝试从 Azure Active Directory中可配置的令牌生存期

请参见下面的屏幕截图，欢迎使用AzureAD cmdlet Add-AzureADApplicationPolicy上的任何有用链接和解决方案

See screenshot below, any useful links and solutions on the AzureAD cmdlet Add-AzureADApplicationPolicy are welcome

推荐答案

我仅通过使用New-AzureADPolicy cmdlet并设置了-IsOrganizationDefault $true而不是$false使其起作用.效果需要一段时间才能看到.因此，请等待大约30分钟到一个小时(我不知道确切要花多长时间).之后，将创建并应用您的新策略.还请记住，这是PowerShell，因此cmdlet中没有空格.

I made it work by only using New-AzureADPolicy cmdlet and setting -IsOrganizationDefault $true not $false. The effect takes a while for you to see it. So wait for about 30 minutes to an hour (I don't know how long exactly). After that your new policy will be created and applied. Also remember that this is PowerShell, so no whitespaces in the cmdlet.

示例:

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00","MaxInactiveTime":"02:00:00","MaxAgeSessionSingleFactor":"02:00:00"}}') -DisplayName "PolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

多行版本:

New-AzureADPolicy -Definition @(
    '
        {
            "TokenLifetimePolicy":
                {
                    "Version": 1,
                    "AccessTokenLifetime": "02:00:00",
                    "MaxInactiveTime": "02:00:00",
                    "MaxAgeSessionSingleFactor": "02:00:00"
                }
        }
    '
    ) -DisplayName "PolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

Microsoft可以使用IsOrganizationDefault $true解决此问题.在问题中详细了解以下内容: Azure AD可配置令牌生命周期未得到应用.

Microsoft may fix the issue with IsOrganizationDefault $true. Read more on this in the question: Azure AD Configurable Token Lifetimes not being Applied.

这篇关于Azure Active Directory中的可配置令牌生存期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！