Idle Session Timeouts
An idle session timeout occurs when a user leaves their device or account untouched for more than the allotted timeout period. A message will pop up and prompt the user to log in again. As of Apr. 27, 2023, the idle timeout period for online Microsoft services (not desktop) is three hours.
The image below illustrates what the user experience looks like when a user has exceeded the timeout period.
Having an idle session timeout is a security best practice that helps protect sensitive information and data from unauthorized access. By setting a timeout period for inactive sessions, we can ensure that user sessions are automatically terminated after a certain period, reducing the risk of unauthorized access by hackers or other bad actors.
|Online Microsoft 365 Applications||3 hours|
|Library Services||3 hours|