User tokens validity extended from 90 to 720 days?

After this final upgrade in June I have noticed that user tokens’ validity has been extended from 90 to 720 days? Is this a wanted change or a bug?

I have previously already communicated about token validity issue with Comodo. My stand is that there is need for this token validity period to be subjected to customization, so admins would have ability to limit token’s validity based on their business need. This is important for MSPs if they want to control process of enrollment of customers devices. If you leave validity period to be 720 days, customer can continue to enroll his devices for 2 years without MSP’s permission. And, the bad part is that you cannot configure EM to generate alert when new device appears on the platform.

Secondly, MSPs and Comodo, both, have problem with DoS attacks if those links become available publicly, purposefully or not. I am pretty sure that you have not implemented any restrictions on the number of newly enrolled devices per day, for example. Or, possibly option to limit token usage to a customized number of devices. For example, if I expect customer to enroll 50 devices it would be good to have an option to limit the number of devices enrolled with this token to 50.

Good idea on adjustable token time, especially if your imaging.

I don’t think it is worth limiting the number of devices as we often have customers with 30 - 50 computers meaning a bulk installation is not possible.

Hello @msp_security ,

We already have the ability to adjust the token for a year or for a custom period on the roadmap.
For your request regarding limiting the device per token, we will try to forward the idea to our Development team and we`ll send you an update the soonest.

@StrobeTech , thank you for always sharing your thoughts as well, we appreciate it.