Microsoft will sign idle users out of Office web apps

Hybrid work puts corporate data at risk as employees use various devices to access company resources. Microsoft has worked to address that risk in Office web apps.

Microsoft has provided IT administrators with the option of logging workers out of Office web apps if they've been idle for a set amount of time. The feature will help businesses protect corporate data when people use shared, public or personal devices, the company said.

Microsoft began rolling out the capability this week. By the end of August, all corporate customers will have access to the feature on the Word, Excel, PowerPoint, Outlook, OneDrive and SharePoint web apps. Government agencies can access the feature later in the year.

IT administrators can set an idle time limit in the Microsoft 365 admin center. When employees hit the limit on a non-corporate device, they will see a pop-up notification giving them the option to remain signed in. If the user doesn't respond, the software will log them out.

The policy will apply to an entire organization, and administrators can't customize it for specific users or departments. It will not affect employees on company-issued devices.

The feature will not log users out if they are active in other Office web apps on the same browser. For example, suppose an employee has Outlook and Excel open in Google Chrome. In that case, they will remain logged in as long as there is an activity in one of the apps.

The Microsoft Outlook web app
Microsoft has released a feature to log idle users out of its web apps, like Outlook, on shared or unmanaged devices.

Microsoft has aimed this feature at the security challenges presented by hybrid and remote work. Employees often use personal laptops and shared computers to check their email or edit a Word document. Sensitive data could leak if workers fail to properly sign out of their apps.

The risk posed by remote work is a concern for IT professionals. Almost two-thirds of IT decision-makers expect to adopt new security products for remote work, according to a survey from tech media firm Foundry. Security professionals plan to invest more in zero-trust network access, secure access service edge, and multifactor authentication projects.

"Features such as session timeout can complement these initiatives," 451 Research analyst Raul Castañón-Martínez said.

Almost 40% of organizations worldwide plan to make their office space more flexible in the wake of the pandemic, according to real estate firm JLL. One option to free up space is hot desking, where employees work at shared desks instead of assigned ones. If workers forget to log out of a shared device at a hot desk, they could expose confidential information.

Google has a feature that lets companies set the length of time workers can remain signed into Workspace apps, such as Gmail. But it logs out workers even if they're on the app.

Mike Gleason is a reporter covering unified communications and collaboration tools. He previously covered communities in the MetroWest region of Massachusetts for the Milford Daily News, Walpole Times, Sharon Advocate and Medfield Press. He has also worked for newspapers in central Massachusetts and southwestern Vermont and served as a local editor for Patch. He can be found on Twitter at @MGleason_TT.

Dig Deeper on Application management

Virtual Desktop