Forum Discussion
Fewer login prompts: The new “Keep me signed in” experience for Azure AD is in preview
A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox is very low. But we know from talking to customers, that cutting down on the number of sign-in prompts is REALLY important. Nobody wants to have to sign-in to an app multiple times!
So today I’m happy to share that we’re improving how “Keep me signed in” option is shown to users. We’re also adding intelligence to ensure users are prompted to remain signed in only when it’s safe to do so.
Read about it in the Enterprise Mobility & Security blog.
- Sassan HajrasoolihaCopper Contributor
and you thought replacing a simple checkbox with an extra annoying pop up dialog box is good because of what again?! people want to move away from sign in page as quickly as possible, even having separate dialogs for username and password was something "interesting". now you added the 3rd one?!
- Kelvin XiaMicrosoftOur data shows that having a bit of friction up front ultimately improves the long-term user experience as it reduces subsequent sign-in prompts.
- Uli ZugCopper Contributor
Hi,
actually we would like to enable this setting for all users as it improves the user experience and allows us to get rid of the additional pop-up. In a recent case we found that this setting can not be controlled by GPO etc. Are you planning to add this option ?
- Peter LemmensCopper Contributor
I "regularly" log on as a different user on this machine for testing purposes. As per this blogpost this appears to have disabled the "Stay signed in?" prompt for my user.
Is there any way to stop Microsoft from thinking that this is a shared device? Having to log on -every- time is pretty frustrating. Especially as I have MFA enabled.
- Kelvin XiaMicrosoftUnfortunately, there isn't a way to disable the shared device logic right now. The workaround is to use different browsers.
- Jason VanAssenCopper Contributor
Kelvin, could you share any additional information about the shared device logic? I receive the additional keep me signed in prompt when using google chrome but it will not appear for me in IE, nor for any of my colleagues in the office.
Is there any particular setting that it could be picking up from IE?Thanks
- bart_vermeerschSteel Contributor
Something that is not clear to me is how this interacts with ADFS?
Does it makes a difference if you tick the checkbox before one is redirected to the internal ADFS log in page upon entering his UPN.
I don't know if your telemetry also shows how many users quickly thicking the box after entering their UPN and the browser is already starting to redirect to the internal ADFS log in page.
- Kelvin XiaMicrosoftHi Bart,
unfortunately the image used on the initial post in this thread shows the *old* experience. The change we're making only applies to the *new* sign-in experience. You can click the link to the blog post which will show you the exact change.
With this change, we're removing the checkbox in favor of a screen that appears after credential collection. In ADFS scenarios, the new screen will appear after successful authentication in ADFS. As such, the user doesn't have to worry about checking a checkbox before entering their UPN (and getting redirected).
- Bruce OrdwayCopper ContributorCan I enable/disable this preview from OWA? I believe that I did not allow it first time I was presented with the option - and have not been prompted again.
BTW... Users have been complaining about the "Keep me signed In" checkbox in OWA for as long as I can remember. My results have always been erratic for the "Keep me signed In" checkbox. It's been especially annoying to be logged out without the option to save current work. Just a pop-up notice of the log out AND then find that no draft was saved for the email response I'd been editing.- Kelvin XiaMicrosoftWe haven't rolled out the new "Keep me signed in" prompt to production yet, so I'm not sure what you're seeing. However, you should be able to clear any state you've gotten yourself into by clearing browser cookies.
With regards to your feedback about providing notice of log out in OWA, I'll forward this to the relevant team in Outlook.- Bruce OrdwayCopper Contributor
Thanks for yor reply..
OK, I was able to get the new log on option back for OWA.
Unfortunately it doesn;t seem to be working any differently that the old version.
I was logged off from OWA again today.
FYI I work remotely for several sites
So I don't use the full Outlook client, but instead keep in touch thru multiple OWA sessions in IE.
What I've noticed...
I ONLY have problems with sites who are running Office 365.
- Never have issues staying logged on with sites that maintain Exchange/SMTP on site.
- So I am guessing the root cause for not being able to stay logged on?
i.e. is out of local admins control, issues are "baked into" Office 365 or the admins at MS have disallowed staying logged on?
Easy for me to be suspicious when 3rd party administation could be involved.
One of the reasons why Office 365 still hasn't won me over.
- Sean Stark - AdminCopper Contributor
Is there a way to force my tenant to the new login experience? If not what is the current timeframe for when this will be rolled out?
Thanks
Sean
- Evan BastowCopper Contributor
If a user has made the selection to not stay logged in... but now wants to take advantage of it, do they just need to clear their browser cache/cookies or ? to get the KMSI prompt again?
- Nuno BritesCopper Contributor
Yes. If you delete the Microsoft login related cookies the prompt appears again.
- Andrew ClarkeCopper Contributor
> but our telemetry shows that usage of that checkbox is very low.
And it occurred to NOBODY that maybe, just maybe, the usability or visibility of that option might be where the problem lies?
You REALLY think it's because people DON'T want to avoid chronic sign-ins?
I despair at the current state of start-of-the-art user interface principles.
- Andrew BevanCopper Contributor
The keep me signed in button has disappeared from my login and now have to log in multable times of day
- Chris HirstCopper Contributor
Once I've answered no I don't want fewer login prompts how do I get it to ask me again so I can change my answer. :-)
- Chris HirstCopper Contributor
I cleared all my browsers history including cookies the prompt did not pop up.
- Kelvin XiaMicrosoftClearing cookies should reset the state and show you the prompt again on that browser. Did you ever see the prompt on that specific browser before?