Jan 02 2023 01:47 AM
The option for users to choose to stay signed in to Office 365 is a potential security problem. We have MFA turned on, but if users stay signed in another person may access the tenant if the computer is left unattended or is hacked.
It was possible to turn this option off in Company Branding in AAD until the latest (preview) version of Company Branding was released. For some reason that feature is not available in the latest version. I assume I can revert to the previous version, and then turn it off, but when doing that, I receive a warning that it may have negative consequences for SharePoint Online, but it doesn't say what those consequences are. So, my questions are:
1. Can I turn it off by reverting to the previous version of Company Branding and what are the consequences?
2. Is it possible to achieve the same result in another way? PowerShell or Conditional Access maybe?
Jan 02 2023 04:33 PM
I thought it was still exist:
Log in to https://admin.microsoft.com as a Global Administrator.
Go to Admin centers and click on Azure Active Directory, once in the AD Admin Center select Azure Active Directory.
Scroll down and select Company branding under Manage followed by the appropriate policy.
If no policy exists you will need to create one.
Scroll to the bottom of the newly opened pane and ensure Show option to remain signed in is set to No.
Click Save.
Default Value:
Users may select stay signed in
Jan 03 2023 12:57 AM
Feb 23 2023 01:29 AM
Jun 11 2023 12:44 AM