Group Writeback enables the synchronization of Microsoft 365 groups with your on-premises AD through Microsoft…
Microsoft 365 disable stay signed in prompt
How to disable Microsoft 365 stay signed in prompt? We all have seen it when signing in to Microsoft 365, a prompt shows if you want to stay signed in Microsoft 365. For security reasons, it’s better to turn off Microsoft 365 stay signed in prompt. For the ones that do not want to show that prompt because it’s irritating, that would work too. In this article, you will learn how to turn off Microsoft 365 stay signed in prompt.
Table of contents
Microsoft 365 stay signed in prompt security risk
Why is this a security risk? For example, the user signs in to Microsoft 365 and clicks on Yes when the prompt appears. When finished working, the user did not click the Sign Out button. Most of the users close the browser and quit.
When closing the browser and opening the Microsoft 365 portal, you are still signed in without entering the credentials. What if it’s a public computer? That means another random person will have access to your confidential emails, documents, and more.
Important: Warn the users in the organization about not using a shared computer when accessing the Microsoft 365 portal. If they don’t have many options and have to sign in, use the Sign Out button when done with working. Closing a browser is not the same as signing out.
Microsoft 365 stay signed in prompt
Users sign in to the Microsoft 365 portal. After they enter their credentials, the users get a prompt:
Stay signed in? Do this to reduce the number of times you are asked to sign in. Don’t show this again. No/Yes.
Disable Microsoft 365 stay signed in prompt
To turn off the Microsoft 365 stay signed in prompt after a user signs in, follow the below steps:
- Sign in to Microsoft Entra admin center using a Global administrator account
- Click on Identity > Users > User settings
- Go to the setting Show keep user signed in, and set it to No
- Click Save
The users will not get the prompt to stay signed in Microsoft 365 after entering their credentials.
Note: The sessions will remain active if the users have already accepted the stay signed in prompt. The best way is to revoke all users’ access by signing them out from all their Microsoft 365 sessions. Read more in the article Force sign-out users in Microsoft 365 with PowerShell.
Disable Microsoft 365 stay signed in prompt with Conditional Access policy
You can disable the stay signed in prompt with a Conditonal Access policy. However, using Conditional Access policies means that you need Microsoft Entra ID P1 or Microsoft Entra ID P2.
To disable Microsoft 365 stay signed in prompt with Conditional Access policy, follow the below steps:
- Sign in to Microsoft Entra admin center using a Global administrator account
- Click on Protection > Conditional Access
- Click on + Create new policy
- Give the policy the name Disable stay signed in prompt
- Select All users
- Target All cloud apps
- Select Persistent browser session – Never persistent
- Enable the policy
- Click Create
Verify your work
Test it out by clearing the browser cache and starting the browser. You don’t see the stay signed in prompt after entering your credentials, and you have to sign in every time you restart the browser. Another way to test is to open a private window and sign in.
Did it help you to disable the Microsoft 365 stay signed in prompt?
Keep reading: How to Restrict access to Microsoft Entra admin center »
Conclusion
You learned how to disable Microsoft 365 stay signed in prompt. If you have Microsoft Entra ID Free, use the first method. Security-wise, it’s good to turn off Microsoft 365 stay signed in prompt setting, and keep the organization’s security in good shape.
Did you enjoy this article? You may also like Get Office 365 activity alerts when user signs in. Don’t forget to follow us and share this article.
What Others Are Reading
Hi,
Can this be set to no for a specific Azure AD SSO connection? For example, we use Azure AD (Sorry, trying to get used to Entra) as the authentication source for our VPN software. I want to disable this feature for VPN only.
Thanks
Is it possible to remove “Keep me signed in” and enable “Always Persistant” on managed devices?
I tried to include AADJ and set “Always Persistant” in my conditional access policy, but it still prompt for reauthentication after closing the browser… Thank you
If your browser gets a persistent cookie and still asks for reauthentication, then i think there is a problem with your browser settings. Normally managed devices does have a registered work- and schoolaccount which your browser uses, indepently of the cookie. For this, the browser must be able to establish a connection to this account. If it doesn’t, check this:
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#supported-browsers
There is a way to do this for only one user?
Yes, with a Conditional Access policy (see the article).
How can I be 100% sure that all of the users who used the stay sign in functionality, have been logged out after the option has been disabled?
The best way is to Force sign-out all users in Microsoft 365.
It worked! I can’t believe it. I’ve been searching for this answer forever. You are awesome.
Great tip!