Microsoft 365 Web Apps Get New Idle Session Timeout Feature to Prevent Data Leaks

Microsoft 365 Apps

The idle session timeout feature, which the company announced for its Microsoft 365 web apps back in March, is now generally available for customers. The new capability lets IT admins configure a policy to automatically sign out inactive employees from Microsoft 365 web apps.

Previously, the idle session timeout setting was only available for Outlook on the Web and SharePoint Web apps (on a per-app basis). Microsoft has now expanded this feature to support all Microsoft 365 Web apps. However, the setting doesn’t affect desktop and mobile users.

Microsoft highlights that configuring a tenant-wide policy should make it easier to prevent unauthorized access that can lead to information exposure on unmanaged or shared devices. It can also help to ensure compliance and a consistent user experience in session timeouts across all Microsoft 365 web apps.

The idle session timeout feature is currently supported in select Microsoft 365 web apps. These include, Outlook on the web, PowerPoint for the web, Excel, Word, OneDrive for the web, SharePoint, as well as Microsoft 365 admin center.

“Based on multiple customer conversations and feedback sessions, it became evident that our customers were looking for a more predictable and coherent solution covering the entirety of Microsoft 365 web apps. Idle session timeout is one of the many controls you can use with Microsoft 365 to balance user productivity and security to meet your organizational security requirements,” Microsoft explained.

Microsoft 365 Web Apps Get New Idle Session Timeout Feature

How to enable idle session timeout for Microsoft 365 web apps

To turn on the Idle session timeout setting, IT administrators will need to follow the steps mentioned below:

  1. Head to the Microsoft 365 admin center, click Org Settings >> Security & privacy tab then turn on the Idle session timeout toggle button.
  2. It’s possible to select the default setting or set a custom time for session timeouts. However, IT admins may need to wait a couple of minutes before the policy is enabled in their tenant.

Once the policy is enabled, employees will see a prompt after a certain period of inactivity on Microsoft 365 web apps. It will notify them their session is about to expire, and the user will need to click the Stay signed in button to avoid automatic sign-out.

Microsoft noted in a support document that users should enable third-party cookies in their web browsers in order to use the idle session timeout feature. The company recommends Microsoft Edge users to set the tracking prevention option to Balanced (Default).

Although the idle session timeout feature has dropped its preview tag, it’s gradually rolling out to all Microsoft 365 commercial customers from June to August. Microsoft plans to bring this capability to Government subscribers later this year.