Session Time Outs

New Contributor

Is there any way to setup user session time outs so that users have to authenticate back into Office 365 within a certain period of time? We need this setting in order to comply with NISt 800-53 compliance (Section AC-12, session termination). These NIST req. are the main reason we are transitioning over to Office 365 E3. the only option I see is OWA time outs.

Is there other companies that have to comply?

2 Replies

The ability to control token lifetimes across all Azure AD applications (O365 ones included) is now in Preview:


I would also suggest you get in touch with your Microsoft representative as I'm certain the folks at Microsoft responsible for meeting the different compliance regulations would love to hear about your case.

Thanks, i will check it out