Windows 365 disconnects on lock, possible to change timeout?

Copper Contributor

We enabled the SSO/MFA preview and now when our Windows 365 RDP sessions time out they are booting the user off of the RDP session with the message "Windows Remote Desktop Client - You were disconnected because your session was locked." This is apparently by design because of the ability to use passwordless authentication and the fact the lock screen can't support this. The timeout appears to currently be 15 minutes which is fairly short if the VDI is not your only system you are working in. I am wondering if anyone knows of a way to extend this timeout to 30 or 60 minutes.

 

This timeout does not occur if the SSO option is disabled in the provisioning policy.

 

This is on Windows 365 not Azure VDI so there are no backend RDP server settings to change.

 

Also, if anyone at Microsoft is reading this why does it pop up 2 of the exact same message boxes at the same time for this disconnection message? Kind of annoying.

7 Replies

@CM42 

 

Good Afternoon,

 

Unfortunately, the timeout for Windows Remote Desktop Client when the session is locked cannot be changed. This timeout is set by default to 15 minutes as a security measure to prevent unauthorized access to the session. The timeout is designed to disconnect the session when the user has been inactive for a certain amount of time and the session is locked.

If you need to extend the timeout to a longer period, you may consider using a different remote desktop solution that allows for longer timeouts or using a virtual desktop infrastructure (VDI) solution that provides a more flexible session timeout. Additionally, you can also configure the screensaver settings on the client machine to a longer timeout to prevent the session from locking. However, please keep in mind that these changes may also introduce security risks, so it's important to weigh the trade-offs and make decisions that align with your organization's security policies and procedures.

 

IT Master Services 

Thanks but changing the screen saver settings does not appear to do anything? As soon as the session locks we are disconnected from the session, which I understand is by design because of passwordless login. This disconnect can be annoying in the case of it being a secondary "screen" or session on a PC that is actively being used but the VDI is only used occasionally for specific tasks. If you are saying the RDP client is whats doing this I would love to use another client since we already have an RDP client we use for everything else but I don't know how to use a 3rd party RDP client with Windows 365. Do you?
Found this thread when we had the same issue. The Cloud PC (Windows 365) locked after 15 minutes, and the users where disconnected. When reconnecting the screen goes full screen and the users loose any customization of the screen windows. We were able to solve this with a new device configuration profile in Intune. Increasing the Device Lock timeout (Max Inactivity Time Device Lock).
Using Single Sign On function on Windows 365

@Joachim500 

 

I know this is an old thread, but I have the same issue. I have created the config profile as mentioned and still our user sessions disconnect after 15 minutes.

 

I see the registry key change to the time I specified in the config profile. Just does not seem to work for me, unless they (MS) have implemented something else to force this 15 minute rule

@jpope76 Hi, we are still using the same config with success:

Joachim500_0-1713963501565.png
When we struggled with this we did some testing to verify. Playing a long youtube video also kept the session from unlocking. (This is by design from MS, the sessions is active while the video is playing). Maybe you could use this test to see if there is something else locking the session.

 

@Joachim500

That is the exact same setting I have as I mentioned, but it still disconnects after 15 minutes. I have it set to 2 hours.
Can't really tell users to keep playing youtube clips to keep their session active, though that does keep it from locking from testing.

@jpope76 , @CM42 , @Joachim500 , @Mark_Albin - Hi folks!

 

Actually, to prevent the Remote Desktop session from disconnecting without input, apply the following configuration (through Settings Catalog):

  • Path: Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
  • Setting: Set time limit for active but idle Remote Desktop Services sessions

The easy search term is active but idle. You then have options for what to configure it to, and you can apply it to the user or the device. Please let me know if this works for you!

 

Christian_Montoya_0-1714144191503.png