Introduction #
SharePoint Online Idle session timeout provides a threshold at which a user is warned and subsequently signed out of SharePoint or OneDrive after a period of inactivity.
Idle session sign-out is one of the policies you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe regardless of where users access the data or what device they’re working on.
License Requirements #
This feature relies on Azure AD Conditional Access policies being available.
- Azure AD Premium P1
- Azure AD Premium P2
User Impact #
Low
When a user is inactive in SharePoint and OneDrive for a period of time you specify, the following message appears:

*Activity is counted as requests sent to SharePoint, such as mouse clicks. Moving the mouse and scrolling are not counted as activity.
If users don’t select Continue, they are automatically signed out, and the following message appears.

Secure Score Impact #
https://security.microsoft.com/securescore?viewid=actions&actionId=spo_idle_session_timeout
Admin Portal Reference #
In the Microsoft 365 Admin Center;
- Go to SharePoint Online Admin Center
- Go to the Access control page of the new SharePoint admin centre
- Select Idle session sign-out
- Turn on Sign out inactive users automatically, and then select when you want to sign out users and how much notice you want to give them before signing them out.
- Click Save

If Action is set to Notify #
We report the setting is compliant if Sign out inactive users automatically is turned on and Sign out users after: and Give users this much notice before signing them out match the parameters in MSPMagic.
We report the setting is non-compliant if Sign out inactive users automatically is turned off, or Sign out users after or Give users this much notice before signing them out do not match the parameters in MSPMagic.
If Action is set to Enforce #
We report the setting is compliant if Sign out inactive users automatically is turned on and Sign out users after: and Give users this much notice before signing them out match the parameters in MSPMagic.
We report the setting is compliant-fixed when MSPMagic has to set Sign out inactive users automatically on, or Sign out users after or Give users this much notice before signing them out to match the parameters in MSPMagic.