Forum Discussion
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the e...
Kelvin Xia
Microsoft
MicrosoftHi Paul,
This new KMSI experience is completely rolled out now for a few weeks. We added some logic to hide the prompt if we detect that the login session is risky, if it's a shared machine or if SSO is set up. Can you please try logging in on an in-private/incognito browser and see if the prompt shows?
This new KMSI experience is completely rolled out now for a few weeks. We added some logic to hide the prompt if we detect that the login session is risky, if it's a shared machine or if SSO is set up. Can you please try logging in on an in-private/incognito browser and see if the prompt shows?
Kelvin Xia what exactly does the "shared machine" logic cover? I stopped receiving the KMSI prompt on my personal PC, which is pretty much the most secure machine I use (even added as trusted IP), and since I'm not using any form of SSO for said account, that only leaves the "shared machine" scenario? On the same machine, another user from the same tenant is getting the KMSI prompt...
- Kelvin XiaHi Teemu,
would you mind private messaging me your email address? I'll need some additional info (eg. traces) to investigate this.
Thanks,
Kelvin We are experiencing the same as VasilMichev, no KMSI prompt after successful sign-in in IE11 or Chrome. And every time browser is started a sign-in prompt (password) is shown. Also sign-in prompt is shown every time I open locally installed Outlook client.
- Kelvin XiaThanks for verifying. We also take into account a risk score provided by our Identity mechanisms. We've had isolated reports that it is kicking in a tad bit too aggressively, but we don't have confirmation yet.
Can you please DM me the following:
1. UPN of the account you used where KMSI doesn't show and also the one where KMSI does show.
2. Co-relation id of the request when logging in on the account where KMSI doesn't show. You can get this by clicking on the three dots at the bottom right corner of the page when you're on the password screen. Thanks Kelvin. I did clear cookies, but that doesn't seem to had any effect. And if it's cookie based, doesn't explain why I don't see the prompt in Private session or when using other browsers on the same machine? Is there perhaps any "server-side" component to it? Same machine, same browsers, same O365 tenant - one user gets the prompt in Private session, the other one does not.
- Kelvin XiaHey Vasil, the shared machine logic essentially stops showing the KMSI prompt if a different account has been used on the same browser. That logic will reset (and KMSI will show again) if you clear browser cookies, or if you continue to only sign in with that one account for a few days.
For the other user that's getting the prompt, are you using the same browser?
