Forcing users to re authenticate after idle time

Golan Ops 1 Reputation point
2020-11-26T11:36:22.737+00:00

Hello,,

What i want to achieve is that users from any devices that will authenticate to the Exchange server (by entering password), will be forced to authenticate again after some idle\inactive time (like 30 min), which then they will have the enter password again.

scenario : user go to a break of 30 min while is outlook is open, when he returns to the outlook he needs to enter password to keep working again.

The devices includes : Outlook, mobile and OWA .

Were using Exchange server 2016 and authenticate with ntlm and kerberos.

Is there a way to achieve that?
I'm open to any suggestions, any external tools and any configuration on the server.

Thanks anyway.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,321 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 140.8K Reputation points MVP
    2020-11-26T13:15:44.227+00:00

    The only way I can see this working is to leverage Hybrid Modern Auth in Exchange Online and Azure

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide

    Then enforcing a session timeout using Conditional Access:

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

    Otherwise, I dont think there is any native way of doing this on-prem.

    0 comments No comments

  2. Eric Yin-MSFT 4,386 Reputation points
    2020-11-27T09:37:28.387+00:00

    For OWA, you can modify the default time-out settings to 5 minutes by the following command:

    Set-OrganizationConfig -ActivityBasedAuthenticationTimeoutInterval 00:05:00  
      
    

    This command may need several hours to work, maybe 12+ H.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.