Dec 08 2023 06:26 AM
What is the default time period for the "Idle Session timeout" policy in Conditional Access? I was looking for a way to create this policy for unmanaged devices in the tenant, and when I checked, there is no filter or checkbox where we can enter or give a time period for idle sessions on unmanaged devices.
Here is the link I was looking at to create the policy for unmanaged devices: https://learn.microsoft.com/en-us/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365...
See below snap
Dec 08 2023 10:00 AM
To use that you need to set the idle timeout in the 365 admin center first. Go to Settings > Org settings > Security & Privacy tab > Idle session timeout.
This is what will be used when you set the conditional access policy.
This is one of the CIS Microsoft 365 benchmarks if you want to see more about the configuration: https://www.cisecurity.org/benchmark/microsoft_365
Dec 11 2023 05:59 AM
I wanted to set this policy for unmanaged devices only, as per the link I shared in the question, which is about unmanaged devices only. What is the timeout for it, and how can we change or customize it?
Dec 11 2023 07:58 AM
Dec 13 2023 12:36 AM - edited Dec 13 2023 12:52 AM
How are we going to target unmanaged devices in this conditional access policy: by creating a filter under platform, or what? Because if we apply this policy to all the users, then how is it going to determine which device this policy is for, as we did not add any filter or target such unmanaged devices?
Also, if we wanted to increase the idle session timeout for managed devices to, let's say, 3 hours and for unmanaged devices to 1 hour, then how are we going to do this with both policies in M365 admin and the Conditional Access policy?
Jan 08 2024 11:02 PM
Hi,
I can see this in the link given below about idle session timeout, but it seems it's for non-company or shared devices. It is not clear whether it's going to target unmanaged devices as well, and it seems confusing here.
See below snap
Idle session timeout for Microsoft 365 - Microsoft 365 admin | Microsoft Learn
Jan 18 2024 06:58 AM
Jan 25 2024 01:14 AM
Feb 01 2024 08:45 AM
The documentation states we need to enable the CA policy and check "app enforce restrictions" inside "session" blade... according to the documentation by doing this, the "magic" happens under the hood... (I am testing this as well, will share results soon)
"When selected, the cloud app uses the device information to provide users with a limited or full experience. Limited when the device isn't managed or compliant and full when the device is managed and compliant"
Organizations can use this control to require Microsoft Entra ID to pass device information to the selected cloud apps. The device information allows cloud apps to know if a connection is from a compliant or domain-joined device and update the session experience. When selected, the cloud app uses the device information to provide users with a limited or full experience. Limited when the device isn't managed or compliant and full when the device is managed and compliant.
Pablo Valentini (Valenta)
Nebulan Latam
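A check for the policy shape discussed in this thread, as an added example that is not part of any post above: it audits Conditional Access policies exported as Microsoft Graph conditionalAccessPolicy JSON and reports why a policy would not hand device state to the web apps. The sample policies and their names are constructed, and the Office 365 and browser scope checks are assumptions about what the idle session timeout feature requires; the timeout value itself is set in the admin center, not in the policy.

```python
def audit_policy(policy):
    """Return reasons this policy would not pass device state to Microsoft 365 web apps."""
    findings = []
    state = policy.get("state")
    if state != "enabled":
        findings.append(f"state is {state!r}, not 'enabled'")
    session = policy.get("sessionControls") or {}
    restrictions = session.get("applicationEnforcedRestrictions") or {}
    if not restrictions.get("isEnabled"):
        findings.append("app enforced restrictions not enabled")
    conditions = policy.get("conditions") or {}
    apps = (conditions.get("applications") or {}).get("includeApplications") or []
    # Assumption: the policy has to cover the Office 365 app group (or all apps).
    if not {"Office365", "All"} & set(apps):
        findings.append("Office365 not in included cloud apps")
    # Assumption: idle session timeout applies to browser sessions only.
    if not {"browser", "all"} & set(conditions.get("clientAppTypes") or []):
        findings.append("browser not in client app types")
    return findings


def audit_export(policies):
    """Map each policy's displayName to its list of findings (empty list = OK)."""
    return {p.get("displayName", "<unnamed>"): audit_policy(p) for p in policies}


# Constructed sample data in the shape of a Graph conditionalAccessPolicy export.
SAMPLE_POLICIES = [
    {"displayName": "Idle timeout - web apps", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["Office365"]},
                    "clientAppTypes": ["browser"]},
     "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": True}}},
    {"displayName": "Idle timeout - pilot", "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": ["Office365"]},
                    "clientAppTypes": ["all"]},
     "sessionControls": None},
    {"displayName": "Require MFA", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["mobileAppsAndDesktopClients"]},
     "sessionControls": {"signInFrequency": {"isEnabled": True}}},
]

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_POLICIES).items():
        print(name, "->", findings or "OK")
```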