As remote work is becoming an ingrained part of the new work culture, employees of large, medium, and small organizations need to be able to access company data from anywhere on any device. In fact, a common theme we have heard from our customers is that access to corporate resources from unmanaged or shared devices is on the rise. One of the ways users accomplish tasks, such as checking email, collaborating with others in a Word document, or replying to a chat, is by using Microsoft 365 web apps on their personal devices or on public kiosk devices.
In an unmanaged/shared device access scenario, users often forget to sign out, exposing sensitive data to unauthorized access. This behavior has continued despite security training and corporate policy in place. It results in more work for IT admins of these organizations who want to keep their company data safe.
Today, we are super pleased to announce the general availability of idle session timeout for Microsoft 365 web apps. IT admins can now configure a tenant-wide timeout policy to automatically sign out users after a period of inactivity on Microsoft 365 web apps.
From June to August 2022, this functionality will be rolled out in Microsoft 365 worldwide cloud environments of Office.com, Word, Excel, PowerPoint for the web, Outlook on the web, OneDrive for the web, SharePoint, and Microsoft 365 admin center. Support for Government clouds will be added later this year.
An animated image demonstrating the idle session timeout policy in Outlook on the web - A pop-up dialog box appears with two clickable choices: "Sign out now" and "Stay signed in."
The current idle timeout settings on Outlook on the web and SharePoint have been useful for preventing data leakage based on user activity at an application level. Based on multiple customer conversations and feedback sessions, it became evident that our customers were looking for a more predictable and coherent solution covering the entirety of Microsoft 365 web apps. Idle session timeout is one of the many controls you can use with Microsoft 365 to balance user productivity and security to meet your organizational security requirements.
Here are a few common use cases in which idle session timeout helps solve these unmet customer needs:
To learn more about the idle session timeout functionality and how to configure it for your organization, check out this helpful Microsoft Docs article: Idle session timeout for Microsoft 365.
- IT admins: Reduce data leakage from unmanaged devices
Contoso's IT admins received several reports of leaked employee data and compromised accounts from unmanaged kiosk devices. IT admins determined that Contoso employees often forget to sign out after checking their email on Outlook on the web or accessing a document from SharePoint. IT admins configured the new tenant-wide idle timeout policy to automatically sign out users on unmanaged kiosk devices after 15 minutes of inactivity. After Contoso turned on the policy, data leakage and account compromise cases went down by 50%.
- End users: Help in maintaining compliance
Vlad is a healthcare professional who normally performs his productivity tasks (email, chat, etc.) on shared devices. One day as he was checking emails in Outlook on the web and accessing sensitive data on the Microsoft Teams web client, he received a work page that immediately required his presence in the emergency ward. Vlad realized that he forgot to sign out of his work account in the browser. However, when he returned to his desk, he saw that he had been automatically signed out of his account.
- End users: Predictable and consistent user experience across all Microsoft 365 web apps
Amy, a finance manager, received a text from her boss on Sunday asking her to update the quarterly forecast reports for a leadership review Monday morning. She logged into her email on Outlook on the web from her home PC and clicked on the link to the Excel spreadsheet. She continued to work on Excel for the web for the next 45 mins during which time she was inactive on the Outlook browser tab. Although the company policy enforces automatic logout after 30 mins of inactivity, she was pleasantly surprised that she did not encounter an abrupt prompt or sign out since she was still active in Excel for the web. This was a more predictable experience compared to the one observed in the past through Outlook timeout settings.
Note: This announcement is tied to a previous update on Message Center via MC post MC343441.
Did you know? The Microsoft 365 Roadmap is where you can get the latest updates on productivity apps and intelligent cloud services. Check out what features are in development or coming soon on the Microsoft 365 Roadmap, or to view the roadmap item for idle session timeout for Microsoft 365 web apps, click here.