Set directory-level inactivity timeout

The inactivity timeout setting helps to protect your resources from unauthorized access if users forget to secure their workstation. When a user has been idle for a while, their Azure portal session is automatically signed out. Admins in the Global Administrator role can enforce the maximum idle time before a session is signed out. The inactivity timeout setting applies at the directory level. For more information about directories, see Active Directory Domain Services Overview.

Configure the inactive timeout setting

If you’re a Global Administrator, and you want to enforce an idle timeout setting for all users of the Azure portal, follow these steps:

  1. Sign in to the Azure portal.

  2. Select Settings from the global page header.

  3. Select the link text Configure directory level timeout.

    Screenshot showing portal settings with link text highlighted

  4. A new page opens. On the Configure directory level inactivity timeout page, select Enable directory level idle timeout for the Azure portal to turn on the setting.

  5. Next, enter the Hours and Minutes for the maximum time that a user can be idle before their session is automatically signed out.

  6. Select Apply.

    Screenshot showing page to set directory-level inactivity timeout

To confirm that the inactivity timeout policy is set correctly, select Notifications from the global page header. Verify that a success notification is listed.

Screenshot showing successful notification message for directory-level inactivity timeout

The setting takes effect for new sessions. It won’t apply immediately to any users who are already signed in.


If a Global Administrator has configured a directory-level timeout setting, users can override the policy and set their own inactive sign-out duration. However, the user must choose a time interval that is less than what is set at the directory level by the Global Administrator.

Next steps