Idle Session Timeouts
What is an idle session timeout?
An idle session timeout occurs when a user leaves their device or account untouched for more than the allotted timeout period. A message will pop up and prompt the user to log in again. As of Apr. 27, 2023, the idle timeout period for online Microsoft services (not desktop) is three hours.
The image below illustrates what the user experience looks like when a user has exceeded the timeout period.
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy8yNTk0MC8zMjc4NS9ja2ZpbmRlci9pbWFnZXMvcXUvMTM0Ni9OZXclMjBTU08lMjAoMikucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzE0NzY5MTAxfX19XX0_&Signature=rs7yfTa-fktbo7FxPBXLDfvzv1a52mI0L4B35nEyhGWBZLTyxWMyoGCHQoWmvH0QdavUm-KXrVodu0b-1J3pTS7v47v1HW6S0RlmyVLFf6rcAB~nVFMouDs-KzReFAm1OLWSmJ-~eAKb3u1vpBcFfR7vRaAfEzyc0wXgexFCHGi~4BpmHJQzHm2FnLErOje9sL9irDYexl~FfDIHmDd1tc-ZAoDj~Vz5WkgROP6U07Hr7VA2~tl7kAsjfQq3INd-EacQHwRBxTbkegouSMUZ~gmISIVPbM8emfBZ7ZqAm-0DpfER89ToD7nI7EMSqs11k-FYyLatL6U-uVp7vJuApQ__&Key-Pair-Id=K2TK3EG287XSFC)
What is the purpose of an idle timeout?
Having an idle session timeout is a security best practice that helps protect sensitive information and data from unauthorized access. By setting a timeout period for inactive sessions, we can ensure that user sessions are automatically terminated after a certain period, reducing the risk of unauthorized access by hackers or other bad actors.
Session Length Timeout Periods
| Service/Application | Length |
| Online Microsoft 365 Applications | 3 hours |
| Library Services | 3 hours |
© 2005 - 2024 ProProfs