I have registered a multi-tenant app in Azure AD and I would like to extend the lifetime of the access and refresh tokens the users who sign into my app receive. Despite creating a default policy for tokens, the access token my user receives is 1 hour.
The policy I have created is:
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:00:00","MaxInactiveTime":"90.00:00:00","MaxAgeSingleFactor":"until-revoked","MaxAgeMultiFactor":"until-revoked","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"
Considering how my policy is probably not being applied to users who sign in from other tenants, I tried applying it specifically to my app using:
Add-AzureADApplicationPolicy -Id -RefObjectId but I was presented with the error:
Add-AzureADApplicationPolicy : Error occurred while executing AddApplicationPolicy
Code: Request_BadRequest
Message: Policy operations on v2 application are disabled.
InnerError: RequestId: ... DateTimeStamp: Mon, 02 Sep 2019 20:39:54 GMT HttpStatusCode: BadRequest HttpStatusDescription: Bad Request HttpResponseStatus: Completed
At line:1 char:1
+ Add-AzureADApplicationPolicy -Id ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Add-AzureADApplicationPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.AddApplicationPolicy
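One way to check whether a token lifetime policy actually took effect is to compare the AccessTokenLifetime in the policy definition against the iat/exp claims of a token the app received. The script below is an added example, not part of the question or of the AzureAD module; it reuses the policy JSON from the question and a constructed, unsigned sample token with the default 1-hour lifetime.

```python
import base64
import json
from datetime import timedelta

# Same policy definition as in the question (copied here as a constant).
POLICY_JSON = ('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:00:00",'
               '"MaxInactiveTime":"90.00:00:00","MaxAgeSingleFactor":"until-revoked",'
               '"MaxAgeMultiFactor":"until-revoked","MaxAgeSessionSingleFactor":"until-revoked",'
               '"MaxAgeSessionMultiFactor":"until-revoked"}}')


def parse_timespan(value: str) -> timedelta:
    """Parse the policy's .NET TimeSpan form ([d.]hh:mm:ss) into a timedelta."""
    days = 0
    if "." in value:
        day_part, value = value.split(".", 1)
        days = int(day_part)
    hours, minutes, seconds = (int(x) for x in value.split(":"))
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def policy_access_token_lifetime(policy_json: str) -> timedelta:
    """Read AccessTokenLifetime from a TokenLifetimePolicy definition."""
    policy = json.loads(policy_json)["TokenLifetimePolicy"]
    return parse_timespan(policy["AccessTokenLifetime"])


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def observed_lifetime(token: str) -> timedelta:
    """Lifetime the issuer actually granted: exp minus iat."""
    claims = jwt_claims(token)
    return timedelta(seconds=claims["exp"] - claims["iat"])


def policy_applied(token: str, policy_json: str) -> bool:
    """True when the issued token's lifetime equals the policy's AccessTokenLifetime."""
    return observed_lifetime(token) == policy_access_token_lifetime(policy_json)


def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample token (placeholder claims, dummy signature): iat/exp are 3600 s apart,
# i.e. the default 1-hour lifetime the question reports.
SAMPLE_TOKEN = ".".join([_b64url({"alg": "none", "typ": "JWT"}),
                         _b64url({"iat": 1567456794, "nbf": 1567456794, "exp": 1567460394,
                                  "aud": "<app-id-placeholder>", "tid": "<tenant-placeholder>"}),
                         "signature-placeholder"])
```

Run policy_applied on a real token copied from your app's sign-in flow: a result of False with a 3600-second observed lifetime means the policy did not reach that app.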