![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 7.000000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,542 questions
Hello Tushar,
Thank you for posting your question in the Microsoft Q&A forum.
As I am understanding the issue, the Logic App's Outlook API connection fails every 1–3 days with "This connection is not authenticated", despite setting a 1-year reauthentication policy in Entra ID (Azure AD)
At the core of this issue lies Azure AD's default token expiration behavior for OAuth tokens used in API connections. While Conditional Access policies allow administrators to define session controls (such as the one-year reauthentication period you configured), these settings do not override Azure AD's native token lifetime management for service-to-service connections. Microsoft's identity platform enforces default expiration timeframes for different token types, with refresh tokens for standard OAuth flows typically valid for 90 days regardless of Conditional Access session settings.
This creates a critical disconnect your conditional Access policy attempts to enforce a one-year session duration; however, the underlying API connection tokens expire based on Azure AD's default token lifetimes. The Logic App's connection manager treats these expired tokens as authentication failures, triggering the error message.
Useful links to understand more about the root cause -
- https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app#refresh-tokens
- https://learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes
You may try the steps as provided below to fix the issue: Replace user-based auth with an Azure AD App Registration (Service Principal).
Steps:
- Register an App in Microsoft Entra ID.
- Grant API Permissions (e.g., Mail.Send for Outlook).
- Use Client Credentials (Client ID + Secret/Certificate) in the Logic App connection.
Reference documentation - https://learn.microsoft.com/en-us/azure/logic-apps/authenticate-with-managed-identity?tabs=consumption
Bonus tip - If you would like to automate reauthentication, use Azure Automation or a scheduled Logic App to refresh the token every 60 days (before expiry) - https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#refresh-connections
If the above answer helped, please do not forget to "Accept Answer," as this may help other community members refer to the information if they face a similar issue. Your contribution to the Microsoft Q&A community is highly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 39%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)