{"id":89960,"date":"2023-06-07T17:43:23","date_gmt":"2023-06-07T21:43:23","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=89960"},"modified":"2024-03-28T17:01:06","modified_gmt":"2024-03-28T21:01:06","slug":"troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently","title":{"rendered":"Troubleshoot: Resolve Federated Users in Entra ID Being Forced to Sign In Frequently"},"content":{"rendered":"\n<p>If you are using Microsoft 365 with JumpCloud SSO in your environment and your end users are frequently being prompted to log into local Microsoft apps or services, this is likely due to a known issue from Microsoft. This can be corrected by setting a date\/timestamp for those users in Entra ID either individually or by looping over a CSV. The general command set is below and should be reviewed and tested on a user to validate that it resolves the issue. You can find an example of using PowerShell to loop through your users via the example below, but this should be tested on a small group of users first in case PS module syntax has changed, etc.&nbsp;<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul>\n<li>A Microsoft 365 instance and the Microsoft 365 SSO Integration configured in JumpCloud.<\/li>\n\n\n\n<li>The&nbsp;<a target=\"_blank\" href=\"https:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/28552.microsoft-azure-active-directory-powershell-module-version-release-history.aspx#Installing_PowerShell_V2_from_the_PowerShell_Gallery\" rel=\"noreferrer noopener\">.NET Framework 4.5 or above<\/a>&nbsp;installed.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Refreshing the STS Token<\/strong><\/h2>\n\n\n\n<ol>\n<li>On a Microsoft Windows X86-based computer, run PowerShell as an administrator.&nbsp;<\/li>\n\n\n\n<li>Install the Microsoft.Graph Module for Windows PowerShell, if it is not already installed:\n<ul>\n<li>Run <kbd>Install-Module PowershellGet<\/kbd><\/li>\n\n\n\n<li>Answer Y to install the NuGet Provider<\/li>\n\n\n\n<li>Answer A to Answer Yes to All to install from PSGallery<\/li>\n\n\n\n<li>Run <kbd>Install-Module Microsoft.Graph<\/kbd><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Modify the PowerShell execution policy:\n<ol>\n<li>Set the Execution Policy to Remote Signed by running <kbd>Set-ExecutionPolicy RemoteSigned<\/kbd><\/li>\n\n\n\n<li>Answer A to confirm the change to the Execution Policy.<\/li>\n\n\n\n<li>Enter your M365 Global Administrator credentials.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/sharepoint\/find-your-office-365-tenant-id\" target=\"_blank\" rel=\"noreferrer noopener\">Get your M365 Tenant ID<\/a><\/li>\n\n\n\n<li>Run the following commands:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>Connect-MgGraph -TenantId &#8220;&#8221; -Scopes <br>&#8220;User.ReadWrite.All\u201d,&#8221;Directory.Read.All&#8221;<br><br>Get-MgUser -UserId &lt;useremailaddresst@yourdomain.com&gt; -Property <br>UserPrincipalName, SignInSessionsValidFromDateTime, <br>LastPasswordChangeDateTime| select-object UserPrincipalName, SignInSessionsValidFromDateTime, LastPasswordChangeDateTime | fl<\/p>\n<\/div><\/div>\n\n\n\n<p>If the SignInSessionsValidFromDateTime value is blank, run the following command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>Revoke-MgUserSignInSession -UserId user@example.com<\/p>\n<\/div><\/div>\n\n\n\n<p>Verify the SignInSessionsValidFromDateTime has the current date and time:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>Get-MgUserGet-Msoluser -UserIdPrincipalName <br>useremailaddresst@yourdomain.com -Property UserPrincipalName, SignInSessionsValidFromDateTime, LastPasswordChangeDateTime| <br>select-object UserPrincipalName, SignInSessionsValidFromDateTime, LastPasswordChangeDateTime | fl<br><\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>Time values are in UTC.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Testing the STS Token Modification<\/strong><\/h2>\n\n\n\n<ol>\n<li>Run the following commands:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>Get-MgUser -all -Property UserPrincipalName, AssignedLicenses, SignInSessionsValidFromDateTime| where-object <br>{$_.SignInSessionsValidFromDateTime -eq $Null} | select UserPrincipalName,AssignedLicenses,SignInSessionsValidFromDateTime | <br>Export-Csv -Path &#8220;C:\\PowerShellScripts\\Office365\\userswithoutSIS.csv&#8221; <br>-notypeinformation<br><br>$NoSISUsers = Import-Csv -Path &#8220;C:\\PowerShellScripts\\Office365\\userswithoutSIS.csv&#8221;<br><br>$NoSISUsers | ForEach-Object{Revoke-MgUserSignInSession -UserId $_.&#8221;userprincipalname&#8221;}<br><\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you are using Microsoft 365 with JumpCloud SSO in your environment and your end users are frequently being prompted [&hellip;]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855,3135,2954,2998,3127],"support_tag":[],"coauthors":[2839],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Resolve Frequent Forced to Sign In on Azure AD - JumpCloud<\/title>\n<meta name=\"description\" content=\"Resolve a known issue with M365 Federated Users being forced to sign in frequently to Azure AD\/Entra ID. Learn how to refresh the STS Token.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Troubleshoot: Resolve Federated Users in Entra ID Being Forced to Sign In Frequently\" \/>\n<meta property=\"og:description\" content=\"Resolve a known issue with M365 Federated Users being forced to sign in frequently to Azure AD\/Entra ID. Learn how to refresh the STS Token.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-28T21:01:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"joyjaswinski\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently\",\"url\":\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently\",\"name\":\"Resolve Frequent Forced to Sign In on Azure AD - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-06-07T21:43:23+00:00\",\"dateModified\":\"2024-03-28T21:01:06+00:00\",\"description\":\"Resolve a known issue with M365 Federated Users being forced to sign in frequently to Azure AD\/Entra ID. Learn how to refresh the STS Token.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Troubleshoot: Resolve Federated Users in Entra ID Being Forced to Sign In Frequently\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Resolve Frequent Forced to Sign In on Azure AD - JumpCloud","description":"Resolve a known issue with M365 Federated Users being forced to sign in frequently to Azure AD\/Entra ID. Learn how to refresh the STS Token.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently","og_locale":"en_US","og_type":"article","og_title":"Troubleshoot: Resolve Federated Users in Entra ID Being Forced to Sign In Frequently","og_description":"Resolve a known issue with M365 Federated Users being forced to sign in frequently to Azure AD\/Entra ID. Learn how to refresh the STS Token.","og_url":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently","og_site_name":"JumpCloud","article_modified_time":"2024-03-28T21:01:06+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"joyjaswinski"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently","url":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently","name":"Resolve Frequent Forced to Sign In on Azure AD - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-06-07T21:43:23+00:00","dateModified":"2024-03-28T21:01:06+00:00","description":"Resolve a known issue with M365 Federated Users being forced to sign in frequently to Azure AD\/Entra ID. Learn how to refresh the STS Token.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/troubleshooting-resolve-federated-users-in-azure-ad-being-forced-to-sign-in-frequently#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Troubleshoot: Resolve Federated Users in Entra ID Being Forced to Sign In Frequently"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/89960"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/89960\/revisions"}],"predecessor-version":[{"id":108079,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/89960\/revisions\/108079"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=89960"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=89960"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=89960"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=89960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}