Session Idle Timeout Settings Now Available in Microsoft 365 Web Apps

Microsoft on Tuesday announced the commercial “general availability” release of session timeout settings for Microsoft 365 web apps.

With this feature, organizations can specify when end users must reenter their credentials to use Microsoft 365 web apps after a period of inactivity. Microsoft already had such a feature for Outlook on the web and SharePoint web apps, but it will now also work with other Microsoft 365 web apps.

These supported web apps include “Office.com, Word, Excel, PowerPoint for the web, Outlook on the web, OneDrive for the web, SharePoint, and the Microsoft 365 admin center,” the announcement says.

Session inactivity timeout settings can be used to deter potential data leaks when remote workers forget to log out of web applications. IT departments can even set session inactivity timeout settings that will apply to unmanaged devices, which seems to be Microsoft’s primary use case for this capability.

The ability to set idle session timeout settings for Microsoft 365 web apps is reportedly available globally, though Microsoft is rolling it out gradually to tenancies between June and August this year. It is not yet available to government subscribers, but will be “later this year,” the announcement promised.

The nuances regarding these idle session timeout settings for Microsoft 365 web apps are described in this Microsoft document, although at the time of publication the document still referred to a “preview”. The policies are set using the Microsoft 365 admin center portal and override any policies previously set for the Outlook web app or SharePoint web app.

Session inactivity timeout settings will apply to an entire Microsoft 365 tenancy. Although settings cannot be specified for specific users, it is possible to use “Azure AD Conditional Access policies for different users and groups to access SharePoint and Exchange Online,” the document says.

Session inactivity timeout settings will not apply if users are logged in through a single sign-on session from a domain-joined account. The settings will also not apply if users “select Stay logged in at the time of connection,” the document adds.

Settings will also not be triggered on managed devices with supported browsers, although the explanation provided by Microsoft’s document on this point is very confusing.

Additionally, browsers must be configured to accept third-party cookies in order to use the idle session timeout capability. “We recommend that you keep the Tracking Prevention setting to Balanced (default) for Microsoft Edge and third-party cookies enabled in your other browsers,” the document says.

About the Author


Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.


