Applies to Dynamics 365 for Customer Engagement apps version 9.x
Applies to Common Data Service
The maximum user session timeout of 24 hours is being removed. This means that a user is not forced to sign in every 24 hours to use the Dynamics 365 for Customer Engagement apps and other Microsoft service apps, like Outlook, that were opened in the same browser session.
Honor Azure AD session policy
By default, the Dynamics 365 for Customer Engagement apps leverage the Azure Active Directory (Azure AD) session policy to manage the user session timeout. Dynamics 365 for Customer Engagement apps uses the Azure AD ID Token with Policy Check Interval (PCI) claims. Every hour a new Azure AD ID Token is fetched silently in the background and Azure AD enforces the Azure AD instant policy. For example, if an administrator disables or deletes a user account, blocks the user from signing in, and an administrator or user revokes the refresh token, the Azure AD session policy is enforced.
This Azure AD ID token refresh cycle continues in the background based on the Azure AD token lifetime policy configurations. Users continue to access the Dynamics 365 for Customer Engagement/Common Data Service data without needing to re-authenticate until the Azure AD token lifetime policy expires.
Resilience to Azure AD outages
In an event that there are intermittent Azure AD outages, authenticated users can continue to access the Dynamics 365 for Customer Engagement/Common Data Service data if the PCI claims have not expired or the user has opted in the ‘Stay signed in’ during authentication.
Set Custom Session timeout for individual environment
For environments that require different session timeout values, administrators can continue to set the session timeout and/or inactivity timeout in System Settings. These settings override the default Azure AD session policy and users will be directed to Azure AD for re-authentication when these settings expire.
For detailed information, see Security enhancements: User session and access management.