Extend Token expiration

Nandan Hegde 22,721 Reputation points MVP

I am using : az account get-access-token

Is it possible to have the expiration of the token for lets say 6 months similar to PAT?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,914 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
4,908 questions
0 comments No comments
{count} votes

2 additional answers

Sort by: Most helpful
  1. Alfredo Revilla (MSFT) 18,851 Reputation points Microsoft Employee

    Hello @Nandan Hegde and thanks for reaching out. Azure AD access tokens expiration cannot be set to 6 months. As stated by @Cristian SPIRIDON , it's set by default to something between 60 and 90 min. The default lifetime also varies depending on the client application requesting the token or if conditional access is enabled in the tenant. Currently, Exchange, Teams, and SharePoint Online can benefit from Continuous Access Evaluation (CAE) where long lived token expiration ranges from 20 to 28 hours.

    On the other hand, Azure AD refresh tokens live up to 90 days. You can use obtain a new access token without re-entering credentials a seconding during the lifetime of a refresh token using the MSAL.PS Get-MsalToken cmdlet (Samples here) with the -Silent parameter:

       Get-MsalToken -Silent # Other params  

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    1 person found this answer helpful.
    0 comments No comments

  2. Amit Singh 3,731 Reputation points

    Each PAT has an expired date, the default period is 30 days, and the maximum is one year.
    If the PAT created at the beginning is 90 days, when it expires, you can change it to 180 days or 1 year. But if you start in 1 year and expire soon after one year, you can only add one more token.

    Also, you can check this thread for help - https://improveandrepeat.com/2020/11/how-to-extend-a-personal-access-token-for-azure-devops/

    0 comments No comments