Release Notes for User Session Timeout Management

Applies to Dynamics 365 for Customer Engagement apps version 9.x
Applies to Common Data Service

The maximum user session timeout of 24 hours is being removed. This means that a user is not forced to sign in every 24 hours to use the Dynamics 365 for Customer Engagement apps and other Microsoft service apps, like Outlook, that were opened in the same browser session.

Honor Azure AD session policy

By default, the Dynamics 365 for Customer Engagement apps leverage the Azure Active Directory (Azure AD) session policy to manage the user session timeout. The apps use the Azure AD ID Token with Policy Check Interval (PCI) claims. Every hour, a new Azure AD ID Token is fetched silently in the background and Azure AD enforces the Azure AD instant policy. For example, if an administrator disables or deletes a user account or blocks the user from signing in, or if an administrator or user revokes the refresh token, the Azure AD session policy is enforced.

This Azure AD ID token refresh cycle continues in the background based on the Azure AD token lifetime policy configurations. Users continue to access the Dynamics 365 for Customer Engagement/Common Data Service data without needing to re-authenticate until the Azure AD token lifetime policy expires.

Resilience to Azure AD outages

In the event of intermittent Azure AD outages, authenticated users can continue to access the Dynamics 365 for Customer Engagement/Common Data Service data if the PCI claims have not expired or the user has opted in to ‘Stay signed in’ during authentication.

Set custom session timeout for an individual environment

For environments that require different session timeout values, administrators can continue to set the session timeout and/or inactivity timeout in System Settings. These settings override the default Azure AD session policy, and users are directed to Azure AD for re-authentication when these settings expire.

For detailed information, see Security enhancements: User session and access management.