Browser Sessions shall not be persistent for privileged users

Description

To reduce the risk of credential theft during user sessions, disallow persistent browser sessions for highly privileged users.

Policy

  • Highly privileged users shall not have persistent browser sessions.

Licensing Considerations

Azure AD P1. Can be purchased standalone or part of the following bundles:

  • Microsoft 365 Business Premium

  • EMS+ E3 or EMS + E5

  • Microsoft 365 E3

  • Microsoft 365 E5

Set Up Instructions

  1. Under Users>Include<Select Users and Groups, choose Directory Roles.

  2. Configure highly privileged Directory Roles

End-User Impact

Level: Medium

Since this will be only scoped to privileged roles, the impact will be limited. The severity of impact is increased to medium since it does require the scoped users to reauthenticate once every time the user closes and reopens the browser.

Tips

This is a policy that you could scope additionally to guest users and for external access on personal devices that are not MDM or MAM enrolled.

PowerShell Scripts

None Currently

Videos

None Currently

Last updated