Manage Authentication Sessions in Outlook on the web with Azure AD Conditional Access
Published Jul 15 2019 10:52 AM 16.4K Views

About a year ago, we announced Conditional Access for Outlook on the web. This provided administrators a way to ensure they are protecting their corporate data from leaking onto shared and personally owned devices.  We appreciate all the feedback we received and continue to work closely with the Azure AD team to invest in ways to further protect your data. 

From the feedback, it was clear that one of the areas in which we could make things better was when customers have a desire or need to adjust the session lifetime of their apps and services.   A few weeks ago, Azure AD announced the public preview of capabilities which are a part of Azure AD Conditional Access.

Authentication Session Management allows you to control the frequency at which your users are required to enter their credentials.  By default, the session lifetime to a rolling window of 90 days.  We understand that this setting may not be desired by everyone, and some will ultimately need to decrease this value.  However, it is important to keep in mind that decreasing the value to very short intervals does have a great impact to your user experience and productivity.

An additional benefit with the Authentication Session Management work is that you will get the ability to configure fine grained controls that will allow you to create policies that target specific users or use cases.  For example, you can create a policy that has a shorter session time for unmanaged or shared devices, while keeping a longer session time for compliant devices.  This will allow you to balance your security stance as well as ensuring your users are staying productive.


Configuring authentication sessions for your organization

To get started, login to the Azure AD portal and navigate over to the Conditional Access section.  You can now create a new policy and you will see some additional Session Controls.




Sign-in frequency controls how often users get prompted to sign in.  Sign-in frequency can be set from 1 hour to 365 days.

Persistent browser session controls when users can remain signed in after closing .  The two settings are “always persist”, or “never persist”.  In both cases, you’ll be making the decision on behalf of all of your users and they will no longer see the “Stay signed in?” prompt.

For additional information about authentication Session Management please check out our support docs.

We are all very excited to roll out these new feature enhancements to everyone!  We also look forward to hearing any feedback and suggestions for further improvements you would like to see in the future!

David Los

Principal Program Manager

Outlook on the Web

Version history
Last update:
‎Jul 16 2019 06:04 PM
Updated by: