Forum Discussion

EricStarker's avatar
EricStarker
Icon for Community Manager rankCommunity Manager
Sep 19, 2017

Fewer login prompts: The new “Keep me signed in” experience for Azure AD is in preview

A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox is very low. But we know from talking to customers, that cutting down on the number of sign-in prompts is REALLY important. Nobody wants to have to sign-in to an app multiple times!

 

So today I’m happy to share that we’re improving how “Keep me signed in” option is shown to users. We’re also adding intelligence to ensure users are prompted to remain signed in only when it’s safe to do so.

 

 

Read about it in the Enterprise Mobility & Security blog.

  • and you thought replacing a simple checkbox with an extra annoying pop up dialog box is good because of what again?! people want to move away from sign in page as quickly as possible, even having separate dialogs for username and password was something "interesting". now you added the 3rd one?!

    • Kelvin Xia's avatar
      Kelvin Xia
      Icon for Microsoft rankMicrosoft
      Our data shows that having a bit of friction up front ultimately improves the long-term user experience as it reduces subsequent sign-in prompts.
      • Uli Zug's avatar
        Uli Zug
        Copper Contributor

        Hi,

        actually we would like to enable this setting for all users as it improves the user experience and allows us to get rid of the additional pop-up. In a recent case we found that this setting can not be controlled by GPO etc. Are you planning to add this option ? 

  • Peter Lemmens's avatar
    Peter Lemmens
    Copper Contributor

    I "regularly" log on as a different user on this machine for testing purposes. As per this blogpost this appears to have disabled the "Stay signed in?" prompt for my user.

    Is there any way to stop Microsoft from thinking that this is a shared device? Having to log on -every- time is pretty frustrating. Especially as I have MFA enabled.

    • Kelvin Xia's avatar
      Kelvin Xia
      Icon for Microsoft rankMicrosoft
      Unfortunately, there isn't a way to disable the shared device logic right now. The workaround is to use different browsers.
      • Jason VanAssen's avatar
        Jason VanAssen
        Copper Contributor

        Kelvin, could you share any additional information about the shared device logic? I receive the additional keep me signed in prompt when using google chrome but it will not appear for me in IE, nor for any of my colleagues in the office.

        Is there any particular setting that it could be picking up from IE?

         

        Thanks

  •  

    Something that is not clear to me is how this interacts with ADFS?

     

    Does it makes a difference if you tick the checkbox before one is redirected to the internal ADFS log in page upon entering his UPN.

     

    I don't know if your telemetry also shows how many users quickly thicking the box after entering their UPN and the browser is already starting to redirect to the internal ADFS log in page.

    • Kelvin Xia's avatar
      Kelvin Xia
      Icon for Microsoft rankMicrosoft
      Hi Bart,

      unfortunately the image used on the initial post in this thread shows the *old* experience. The change we're making only applies to the *new* sign-in experience. You can click the link to the blog post which will show you the exact change.

      With this change, we're removing the checkbox in favor of a screen that appears after credential collection. In ADFS scenarios, the new screen will appear after successful authentication in ADFS. As such, the user doesn't have to worry about checking a checkbox before entering their UPN (and getting redirected).
  • Bruce Ordway's avatar
    Bruce Ordway
    Copper Contributor
    Can I enable/disable this preview from OWA? I believe that I did not allow it first time I was presented with the option - and have not been prompted again.
    BTW... Users have been complaining about the "Keep me signed In" checkbox in OWA for as long as I can remember. My results have always been erratic for the "Keep me signed In" checkbox. It's been especially annoying to be logged out without the option to save current work. Just a pop-up notice of the log out AND then find that no draft was saved for the email response I'd been editing.
    • Kelvin Xia's avatar
      Kelvin Xia
      Icon for Microsoft rankMicrosoft
      We haven't rolled out the new "Keep me signed in" prompt to production yet, so I'm not sure what you're seeing. However, you should be able to clear any state you've gotten yourself into by clearing browser cookies.

      With regards to your feedback about providing notice of log out in OWA, I'll forward this to the relevant team in Outlook.
      • Bruce Ordway's avatar
        Bruce Ordway
        Copper Contributor

        Thanks for yor reply..

        OK, I was able to get the new log on option back for OWA.

        Unfortunately it doesn;t seem to be working any differently that the old version.

        I was logged off from OWA again today.

         

        FYI I work remotely for several sites

        So I don't use the full Outlook client, but instead keep in touch thru multiple OWA sessions in IE.

        What I've noticed...

        I ONLY have problems with sites who are running Office 365.

        - Never have issues staying logged on with sites that maintain Exchange/SMTP on site.

        - So I am guessing the root cause for not being able to stay logged on?

        i.e. is out of local admins control,  issues are "baked into" Office 365 or the admins at MS have disallowed staying logged on?

         

        Easy for me to be suspicious when 3rd party administation could be involved.

        One of the reasons why Office 365 still hasn't won me over.

         

         

  • Is there a way to force my tenant to the new login experience? If not what is the current timeframe for when this will be rolled out?

     

    Thanks

    Sean

  • Evan Bastow's avatar
    Evan Bastow
    Copper Contributor

    If a user has made the selection to not stay logged in... but now wants to take advantage of it, do they just need to clear their browser cache/cookies or ? to get the KMSI prompt again?

    • Nuno Brites's avatar
      Nuno Brites
      Copper Contributor

      Yes. If you delete the Microsoft login related cookies the prompt appears again.

  • Andrew Clarke's avatar
    Andrew Clarke
    Copper Contributor

    > but our telemetry shows that usage of that checkbox is very low.

     

    And it occurred to NOBODY that maybe, just maybe, the usability or visibility of that option might be where the problem lies?

     

    You REALLY think it's because people DON'T want to avoid chronic sign-ins?

     

    I despair at the current state of start-of-the-art user interface principles.

  • Andrew Bevan's avatar
    Andrew Bevan
    Copper Contributor

    The keep me signed in button has disappeared from my login and now have to log in multable times of day

  • Chris Hirst's avatar
    Chris Hirst
    Copper Contributor

    Once I've answered no I don't want fewer login prompts how do I get it to ask me again so I can change my answer. :-)

    • Chris Hirst's avatar
      Chris Hirst
      Copper Contributor

      I cleared all my browsers history including cookies the prompt did not pop up.

      • Kelvin Xia's avatar
        Kelvin Xia
        Icon for Microsoft rankMicrosoft
        Clearing cookies should reset the state and show you the prompt again on that browser. Did you ever see the prompt on that specific browser before?

Resources