Authentication
Tokens
There are 3 tokens
ID token
Contains basic information about user
Bound to one specific resource and user
Can include MFA claims
Can NOT be revoked before it expires (Unless CAE is in use for certain apps)
Access Token
Grant access to resource. Expiry range from 70 minutes to more then 24h.
Refresh Token
Can be used to request new access and id tokens. Expires in 90 days for inactive tokens and no expiry for active tokens.
One specific user
Can be revoked (when user resets their password, or manually revokes all active sessions)
Az PowerShell Module
Microsoft Graph
Connect-MgGraph
Interactive authentication
Device code flow
Interactive authentication
Mg Module - Permissions
Last updated