CM42
Copper Contributor
Feb 14, 2023

Windows 365 disconnects on lock, possible to change timeout?

We enabled the SSO/MFA preview and now, when our Windows 365 RDP sessions time out, they are booting the user off of the RDP session with the message "Windows Remote Desktop Client - You were disconnected because your session was locked." This is apparently by design because of the ability to use passwordless authentication and the fact the lock screen can't support this. The timeout appears to currently be 15 minutes, which is fairly short if the VDI is not your only system you are working in. I am wondering if anyone knows of a way to extend this timeout to 30 or 60 minutes.

This timeout does not occur if the SSO option is disabled in the provisioning policy.

This is on Windows 365 not Azure VDI so there are no backend RDP server settings to change.

Also, if anyone at Microsoft is reading this, why does it pop up 2 of the exact same message boxes at the same time for this disconnection message? Kind of annoying.

9 Replies

  • Russean
    Iron Contributor

    Currently there’s no supported way to extend that 15-minute lock timeout when SSO/MFA is enabled in Windows 365—it’s tied to passwordless auth limitations. The only workaround is to disable SSO in the provisioning policy until Microsoft provides more flexibility.

  • lettrel2
    Iron Contributor

    Since the local client calling the remote session can pass in credentials (SSO), can it also be made to pass in client system state, that is, that the local client's session is still active?  It does not make sense to disconnect the remote host session when the client is still busy.  It is not only annoying having to re-open the remote session when needed, but in the very process of disconnecting, the impact of the uncontrolled process changing a whole screen visually, distracts enormously from anything else I am concentrating on, in the main client computer.  This has GOT to stop!

  • Joachim500
    Copper Contributor
    Found this thread when we had the same issue. The Cloud PC (Windows 365) locked after 15 minutes, and the users were disconnected. When reconnecting, the screen goes full screen and the users lose any customization of the screen windows. We were able to solve this with a new device configuration profile in Intune, increasing the Device Lock timeout (Max Inactivity Time Device Lock).
    Using Single Sign On function on Windows 365
    • jpope76
      Copper Contributor

      Joachim500

      I know this is an old thread, but I have the same issue. I have created the config profile as mentioned and still our user sessions disconnect after 15 minutes.

      I see the registry key change to the time I specified in the config profile. Just does not seem to work for me, unless they (MS) have implemented something else to force this 15-minute rule.

      • Joachim500
        Copper Contributor

        jpope76 Hi, we are still using the same config with success:


        When we struggled with this we did some testing to verify. Playing a long YouTube video also kept the session from unlocking. (This is by design from MS, the session is active while the video is playing). Maybe you could use this test to see if there is something else locking the session.

  • Mark_Albin
    Brass Contributor

    CM42

    Good Afternoon,

    Unfortunately, the timeout for Windows Remote Desktop Client when the session is locked cannot be changed. This timeout is set by default to 15 minutes as a security measure to prevent unauthorized access to the session. The timeout is designed to disconnect the session when the user has been inactive for a certain amount of time and the session is locked.

    If you need to extend the timeout to a longer period, you may consider using a different remote desktop solution that allows for longer timeouts or using a virtual desktop infrastructure (VDI) solution that provides a more flexible session timeout. Additionally, you can also configure the screensaver settings on the client machine to a longer timeout to prevent the session from locking. However, please keep in mind that these changes may also introduce security risks, so it's important to weigh the trade-offs and make decisions that align with your organization's security policies and procedures.

    https://www.itms-us.com 

    • CM42
      Copper Contributor
      Thanks, but changing the screen saver settings does not appear to do anything? As soon as the session locks we are disconnected from the session, which I understand is by design because of passwordless login. This disconnect can be annoying in the case of it being a secondary "screen" or session on a PC that is actively being used but the VDI is only used occasionally for specific tasks. If you are saying the RDP client is what's doing this, I would love to use another client since we already have an RDP client we use for everything else, but I don't know how to use a 3rd party RDP client with Windows 365. Do you?
