How can you reduce the number of times a user is asked to sign in to Office 365 and Azure AD? Use the “Keep me signed in” checkbox, although Microsoft says that usage of this checkbox is low. Either way, users should be happy, which is why the Azure AD team is trying to improve the whole process.
So there is a new feature in preview, and this is how it works: the usual checkbox has been replaced with a prompt that asks the user whether they’d like to remain signed in. If a user responds “Yes” to this prompt, the service gives them a persistent refresh token.
(By the way, this process is related to the change in token lifetime that was announced a few days ago; take a look at this article.)
Just take a look at the picture above to understand how it will work. If you have a federation trust with Azure AD, you’ll get this prompt just after the proper authentication against your local federation identity service (ADFS).
As soon as you type your password, you’ll be asked if you want to remain signed in. If you are worried about the security of doing this on a shared device, there is a lot of machine learning and intelligence built in for that case.
The updated prompt is shown only when you use the new sign-in experience. Admins can choose to hide this new prompt from users by using the “Show option to remain signed in” setting in company branding.
Remember the changes in the token lifetime we discussed before? This change won’t affect any token lifetime settings you have configured.
Thanks for your time!