Microsoft 365 Message Center ArchiveM365 Archive
Message Center

MC1404315Microsoft Teams for the web will respect Microsoft Entra “Keep Me Signed In” (KMSI) settings

Summary

Microsoft Teams for the web will respect Microsoft Entra ID's "Keep Me Signed In" (KMSI) settings starting late June 2026. Sessions will persist only if users choose to stay signed in; otherwise, sessions clear on browser close, enhancing security on shared devices. No immediate action is required.

More information

What and Why

We are updating Microsoft Teams on the web to align with Microsoft Entra ID “Keep Me Signed In” (KMSI) behavior. This change improves security by ensuring that Teams web sessions respect users’ explicit sign-in preferences. If a user does not choose to remain signed in, Teams will no longer persist browser sessions, reducing the risk of unauthorized access on shared or unmanaged devices.

Rollout Schedule

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in late June 2026 and expect to complete by late July 2026.

Impact on Your Organization

Who is affected:

  • All users accessing Microsoft Teams via a web browser
  • Organizations with specific security or compliance requirements for session persistence

Platforms/Services:

  • Microsoft Teams (web)
  • Microsoft Entra ID authentication experience

What will happen:

  • Teams web will respect the Microsoft Entra KMSI selection during sign-in.
  • If users select “Yes” (stay signed in):
    • Session behavior remains unchanged.
    • Users stay signed in across browser sessions.
  • If users select “No” or do not respond to KMSI:
    • Local authentication tokens and cached session data are cleared when the browser closes.
    • Users must sign in again in a new browser session.
  • On managed devices:
    • Users may be automatically authenticated using device credentials.
    • The KMSI prompt may still appear unless suppressed by tenant settings or Conditional Access policies.
  • Tenants using Seamless SSO or AD FS (Integrated Windows Authentication):
    • Will continue to bypass the KMSI prompt.
    • Sign-in persistence is controlled by the existing SSO configuration.
  • This behavior is enabled by default and respects existing tenant configurations.

Action Required / Recommendations

No immediate action is required. However, we recommend the following:

  • Review your Microsoft Entra ID KMSI configuration and user guidance.
  • Inform users that Teams web sessions may no longer persist unless “Stay signed in” is selected.
  • Evaluate Conditional Access policies or persistent browser session controls if needed.
  • Update internal documentation or helpdesk scripts to reflect this change.

Learn more: Manage the “Stay signed in” prompt in Microsoft Entra ID

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.