Account/Authentication - Azure Active Directory - Ensure the Option to Remain Signed-in is Hidden

 







Summary

The option Stay signed in or Keep me signed in is shown after a successful login. When a user selects this option, a persistent refresh token is created that generally lasts up to 90 days, and during that time the user is not prompted for sign-in or Multi-Factor Authentication.

Reason

If users are permitted to choose this option, it may pose a risk, especially when a user signs in to their account on a publicly accessible computer or web browser. An unauthorized person then has easier access to any cloud data associated with that account.

What If?

Hiding this setting means users no longer see the Stay signed in? prompt during sign-in, which also means that users will be forced to sign in more frequently.

Note: Some SharePoint Online and Office 2012 features depend on users remaining signed in. If this option is hidden, users may get additional and unexpected sign-in prompts.

How to?

To ensure the option to remain signed in is hidden, use the Microsoft 365 Admin Center:
  1. Log in to https://admin.microsoft.com as a Global Administrator.
  2. Go to Admin centers, then choose Azure Active Directory.
  3. Under Manage, select Company branding, followed by the appropriate Locale policy.
     • If no policy exists, click Configure to create one.
  4. Scroll to the bottom of the newly opened pane and ensure Show option to remain signed-in is not checked.
  5. Click Save.

Monitor:

To verify the option to remain signed in is disabled, use the Microsoft 365 Admin Center:
  1. Log in to https://admin.microsoft.com as a Global Administrator.
  2. Go to Admin centers, then choose Azure Active Directory.
  3. Under Manage, select Company branding, followed by the appropriate Locale policy.
     • If you see Configure, then no locale or policy exists and this setting is not applied; proceed to remediation.
  4. Scroll to the bottom of the newly opened pane and ensure Show option to remain signed-in is not checked.
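
A log-based complement to the portal check above, as an added example that is not part of the original post: it scans a sign-in log export for Microsoft's documented error code 50140 (KmsiInterrupt), which is recorded when the Stay signed in? prompt interrupts a sign-in. It assumes the export is JSON in the shape of the Microsoft Graph signIn resource; the sample records, user names and function names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime

KMSI_INTERRUPT = "50140"  # AADSTS50140 "KmsiInterrupt"

# Constructed sample export (Graph signIn field names, made-up values).
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2024-03-01T09:15:00Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Office 365 SharePoint Online", "status": {"errorCode": 50140}},
    {"createdDateTime": "2024-03-02T10:00:00Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Office 365 SharePoint Online", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-03-06T08:30:00Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Microsoft Teams", "status": {"errorCode": "50140"}},
    {"createdDateTime": "2024-03-07T11:45:00Z", "userPrincipalName": "carol@example.com",
     "appDisplayName": "Microsoft Teams"},  # record without a status block
])


def parse_time(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-03-01T09:15:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def kmsi_prompts(export_json, changed_at=None):
    """Return sign-ins interrupted by the prompt, optionally only those
    at or after changed_at (when the branding setting was saved)."""
    cutoff = parse_time(changed_at) if changed_at else None
    hits = []
    for rec in json.loads(export_json):
        code = (rec.get("status") or {}).get("errorCode")
        if str(code) != KMSI_INTERRUPT:  # exports may carry the code as int or str
            continue
        if cutoff and parse_time(rec["createdDateTime"]) < cutoff:
            continue
        hits.append(rec)
    return hits


def summarize(hits):
    """Count prompt events per application to see where users still get asked."""
    return Counter(h.get("appDisplayName", "unknown") for h in hits)


if __name__ == "__main__":
    # Any hit after the change suggests the prompt is still being shown.
    for hit in kmsi_prompts(SAMPLE_EXPORT, changed_at="2024-03-05T00:00:00Z"):
        print(hit["createdDateTime"], hit["userPrincipalName"], hit["appDisplayName"])
```

Events dated after the setting was saved indicate that some locale or policy still shows the prompt and should be re-checked in Company branding.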






































