Idle session timeout is a feature that kicks off after a period of inactivity, allowing O365 administrators to automatically signing out inactive sessions preventing the overexposure of information in case a user leaves a computer unattended. This is done, first by displaying a warning prompt and then signing the user out of SharePoint Online and OneDrive for Business.
This a useful feature in the scenarios where shared pc’s are used by multiple users. We have to take into account that this feature is activated for the entire tenant (is not possible to configure it to specific users) and only applies on web browser session 🙂
By default, this new feature is disabled, so in order to enable it we have to use SPO PowerShell module and execute the following commands:
Connect-SPOService -Url “https://yourtenant-admin.sharepoint.com”
Set-SPOBrowserIdleSignOut -Enabled $true -WarnAfter (New-TimeSpan -Seconds 100) -SignOutAfter (New-TimeSpan -Seconds 120)
Once the idle session timeout has been activated, is it necessary to know that shis setting only will take place fore the new sessions. So once the timespan is reached (in my case 100 seconds), the user will be notified like the following:
If the timespan for log out is reached (in my example 120 seconds), the user will receive the following message
And the user will need to log in again into O365
If by any chance, you need to deactivate the Idle Session time out into your tenant, will be necessary to execute the following command:
Set-SPOBrowserIdleSignOut -Enabled $false
Also, it is necessary to be aware that the following actions are counted as O365 actions and restrictions/limitations:
- Mouse movement or scrolling up and down is not included as activity. Activity is counted as requests sent to SharePoint Online. Mouse clicks within the context of a site are considered activity.
- Idle-session timeout is limited to SharePoint Online browser sessions; however, will sign users out of all Office 365 workloads within that browser session.
- It will not sign out users who are on managed devices or select Keep Me Signed In during sign-in.
- Idle session timeout is currently limited to Classic sites. A fix will be rolled out to support Modern sites soon.
- The WarnAfter and SignOutAfter values cannot be the same.
- The policy scope is Tenant-wide.
For more info: