Idle Session Timeouts 

What is an idle session timeout? 

An idle session timeout occurs when a user leaves their device or account untouched for more than the allotted timeout period. A message will pop up and prompt the user to log in again. As of Apr. 27, 2023, the idle timeout period for online Microsoft services (not desktop) is three hours. 

The image below illustrates what the user experience looks like when a user has exceeded the timeout period. 

An webpage is diplayed that states "You have been signed out. Your organization's policy enforces automatic sign out after a period of inactivity on Microsoft 365 web applications.

What is the purpose of an idle timeout? 

Having an idle session timeout is a security best practice that helps protect sensitive information and data from unauthorized access. By setting a timeout period for inactive sessions, we can ensure that user sessions are automatically terminated after a certain period, reducing the risk of unauthorized access by hackers or other bad actors.

Session Length Timeout Periods

Service/Application Length 
Online Microsoft 365 Applications 3 hours
Library Services  3 hours


© 2005 - 2024 ProProfs