BYOD Teams allowing login/auth even though Active Directory account is locked

Ben Woodman 106 Reputation points
2023-11-08T15:19:55.8566667+00:00

Hi All,

I am wondering if anyone has any ideas on how to resolve this issue. We have had a report where a user had their account locked for over an hour and found they were still able to log into MS Teams on their BYOD device with no problems and were able to send messages etc. This of course should not be the case as it should stop access to the app when their account locks.

Looking further into this issue, I thought it was to do with the TokenLifetimePolicy set in Azure, so I tried running the command below to set the organization policy to 30 minutes:

# Policy body: 30-minute access token lifetime, not set as the organization default
$params = @{
    Definition            = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00"}}')
    DisplayName           = "BYODTokenLifetimePolicyLockoutTest"
    IsOrganizationDefault = $false
}
# Create the policy and keep its Id
$tokenLifetimePolicyId = (New-MgPolicyTokenLifetimePolicy -BodyParameter $params).Id

Once done, I locked my own account out for over half an hour and, when trying, nothing changed; I gave it till an hour and was still able to access Teams as per usual.

Does anyone know a way to fix this so that once a user's account locks out they are no longer able to log into MS Teams on their device?

I can imagine that implementing a setting to get the user to enter their password every time they open the app would fix this but of course I would like to avoid that being the main fix.

Any help would be greatly appreciated.

Kind regards,

Ben

Microsoft Teams
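An added example, not part of the original post: the command in the question creates the policy with IsOrganizationDefault = $false and shows no assignment step, so this offline check parses a policy object and reports whether it can affect any token at all. The function name, the AssignedAppCount parameter and the sample object are hypothetical; the 10-minute to 1-day bounds are taken from Microsoft's documented limits for AccessTokenLifetime.

```powershell
# Added example (not the poster's code): evaluate a token lifetime policy offline.
function Test-TokenLifetimePolicy {
    param(
        [Parameter(Mandatory)] $Policy,   # object with Definition, DisplayName, IsOrganizationDefault
        [int] $AssignedAppCount = 0       # hypothetical: apps/service principals the policy is assigned to
    )
    # Assumed bounds for AccessTokenLifetime: 10 minutes to 1 day.
    $min = [TimeSpan]::FromMinutes(10)
    $max = [TimeSpan]::FromDays(1)

    # Definition is an array holding one JSON string, as in the post's $params.
    $json     = $Policy.Definition | Select-Object -First 1
    $def      = ($json | ConvertFrom-Json).TokenLifetimePolicy
    $lifetime = [TimeSpan]::Parse($def.AccessTokenLifetime)

    # A policy that is neither the organization default nor assigned applies to nothing.
    $inEffect = [bool]$Policy.IsOrganizationDefault -or ($AssignedAppCount -gt 0)
    $note = if ($inEffect) {
        'Applies to newly issued access tokens only; tokens already issued keep their original expiry.'
    } else {
        'Not the organization default and not assigned: no token is affected.'
    }

    [pscustomobject]@{
        DisplayName         = $Policy.DisplayName
        AccessTokenLifetime = $lifetime
        WithinBounds        = ($lifetime -ge $min -and $lifetime -le $max)
        InEffect            = $inEffect
        Note                = $note
    }
}

# Constructed sample mirroring the $params hashtable from the post.
$sample = [pscustomobject]@{
    Definition            = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00"}}')
    DisplayName           = 'BYODTokenLifetimePolicyLockoutTest'
    IsOrganizationDefault = $false
}
Test-TokenLifetimePolicy -Policy $sample | Format-List

# Live use against a tenant (requires the Microsoft.Graph module; not run here):
#   Get-MgPolicyTokenLifetimePolicy | ForEach-Object { Test-TokenLifetimePolicy -Policy $_ }
# Cutting off an existing session is a separate action: this invalidates the user's
# refresh tokens, while an access token already issued stays valid until it expires
# unless the resource enforces Continuous Access Evaluation.
#   Revoke-MgUserSignInSession -UserId '<user-object-id-or-UPN>'   # placeholder value
```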