Microsoft is currently previewing a new “Keep me signed in” Azure Active Directory sign-in experience for end users.
It’s a subtle change. Microsoft removed the “Keep me signed in” checkbox from its main Office 365 login page. Users instead now see a few dialog boxes. There’s a sign-in dialog box to enter their e-mail addresses, followed by a password dialog box. Upon successful authentication, the next dialog box that appears will be a “Stay signed in” No/Yes option.
The new login experience is shown in the following diagram:
The new experience is at the preview stage now, but Microsoft plans to roll it out to organizations starting in “early October,” according to its announcement.
Possibly, all Office 365 tenancies are getting the new preview experience. Microsoft’s announcement stated that “the updated ‘Keep me signed in’ prompt will only show when users opt into the new sign-in experience,” which seems to imply that end users are seeing the option now.
The new “Keep me signed in” prompt can be hidden, though.
“Admins can choose to hide this new prompt for users by using the ‘Show option to remain signed in’ setting in company branding,” Microsoft’s announcement explained.
The new sign-in experience delivers a so-called “persistent refresh token.” Microsoft hasn’t found a correlation between longer-lasting refresh tokens and any increase in compromised accounts, so that’s partly why it’s proceeding with the new login experience. The main reason for the change, though, was that users were mostly ignoring the “Keep me signed in” checkbox.
Last month, Microsoft explained that point of view regarding refresh tokens. Microsoft indicated it had increased the spans of refresh tokens, but only for new Azure AD accounts. Under that new scheme, users have to get a new refresh token if their account has been inactive for 90 days.
Microsoft lately has tended to push down such new user experience changes for Azure AD users. Last month, for instance, it delivered a preview of a new user login experience designed to make login portal branding seem less jarring between screens. It gave notice of the change back then after an earlier push down had caught organizations by surprise.