Let us know if you have any questions, and head on over to the
Look for this new "Keep me signed in" prompt to start rolling out on the new sign-in experience in early October. For more on that topic, please see our recent blog post onĬhanges to default refresh token lifetimes We've done a significant amount of analysis on this topic and have concluded that increasing refresh token lifetime improves the user experience without reducing security posture. This change won't affect any token lifetime settings you have configured.īecause "Keep me signed in" drops a persistent refresh token, some members of the IT community have asked if this might alter the security posture of their organization. (Note: Existing configurations of this setting will carry forward, so if you previously chose to hide the "Keep me signed in" checkbox in your tenant, we won't show the new prompt to users in your tenant.) Users using the old experience will continue to see the checkbox and will not get the prompt.Īdmins can choose to hide this new prompt for users by using the "Show option to remain signed in" setting in , the updated "Keep me signed in" prompt will only show when users opt into the new sign-in experience. For federated tenants, this prompt will show after the user successfully authenticates with the federated identity service.Īnd for those of you who are security minded, you be happy to know that we've built a lot of smarts into this flow and the "Stay signed in?" option won't display if our machine learning system detects a high risk signin or a signin from a shared device. This is the same behavior that currently occurs when a user checks the "Keep me signed in" checkbox. If a user responds "Yes" to this prompt, the service gives them a persistent refresh token. This prompt asks the user if they'd like to remain signed in. We're replacing the "Keep me signed in" checkbox with a prompt that displays after the user successfully signs in.
As you might guess, most users cruise right past the check box and never think twice. We're also adding intelligence to ensure users are prompted to remain signed in only when it's safe to do so.įirst, as a quick refresher, here's what the existing "Keep me signed in" experience is like. So today I'm happy to share that we're improving how "Keep me signed in" option is shown to users. Nobody wants to have to signin to an app multiple times! But we know from talking to customers, that cutting down on the number of signin prompts is REALLY important. One way to reduce the frequency of prompts is to check the "Keep me signed in" checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox is very low. First published on CloudBlogs on Sep, 19 2017Ī common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD.