Low

Persistent browser session allowed

Checks whether persistent browser sessions are allowed without restrictions in Conditional Access.

Category: Conditional Access
Default severity: Low
Rule key: CHECK_CA_PERSISTENT_BROWSER
Last updated: February 20, 2026

How to fix it

Restrict persistent browser sessions via Conditional Access, especially for unmanaged devices, to reduce risk on shared computers.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

Policy.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →