Office 365 session timeouts

Ruslan Ignatjev 66 Reputation points


We want to implement this kind of thing - When a user leaves the office or works from home, all his browser sessions will end when the browser is closed. So this policy will only work when a user is out of office.

Can we do it using some kind of policy or conditional access?

Thanks in advance!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,813 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,316 Reputation points

    Hi @Ruslan Ignatjev • Thank you for reaching out.

    • If you are using KMSI (Keep Me Signed In) option, which issues persistent session cookie, sessions cookies are NOT expired when browser is closed.
    • If the devices are Azure AD Registered/Joined/Hybrid-Joined, PRT (Primary Refresh Token) is issued to device, which is leveraged to provide seamless SSO experience to the users when they close and reopen the browser.
    • When KMSI is not used, session cookies expire when browser session is closed.

    If you are in any of the above scenarios, you can configure below settings in conditional access policy.

    1. Include all users or required set of users
    2. Include Office 365 under cloud apps
    3. Exclude the subnet(s) that represent your office IP addresses and Include all locations
    4. Under sessions > select checkbox for sign-in frequency > set a time e.g. 3 Hour.

    Conditional access policy with above settings configured, would require users to sign-in after every 3 hours when they are out of the office network.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.