Aug 06 2022 11:54 AM
I need to clarify how this policy works. Based on the official statement (see below) and my research, it affects only users who access Microsoft 365 web apps from unmanaged devices. Users accessing web apps from managed devices (AD joined or registered) will not be affected. Is that correct? Would be nice to share your experience.
Aug 07 2022 12:57 PM
Not tested yet myself, but this blog post ties in with the MS Docs - not sure if you've seen it. Remains unclear to me, though.
Perhaps @Namit Gupta could kindly clarify?
Aug 08 2022 12:17 PM
@mxtx23 @HidMov Thank you for calling that out.
Once you turn on the idle session timeout policy in M365 admin center, it applies to all device types (managed and unmanaged) if the other conditions around SSO or 'Stay signed in?' are met. For this policy to be triggered "only" on unmanaged devices, you will additionally need to configure a CA policy as described in the docs article. Hope this clarifies.
We are in the process of updating our documentation to reflect this behavior. It will be updated in a few days.