check before: 2026-01-01
Product:
Exchange, Microsoft 365 Apps, Microsoft 365 for the web, Outlook
Platform:
Online, US Instances, Web, World tenant
Status:
Change type:
User impact, Admin impact, Retirement
Links:
Details:
Summary:
Outlook on the web's activity-based timeout (ABT) will retire by January 2026 (February for GCC/DoD). Admins must enable Microsoft 365 idle session timeout for consistent session control across apps. Users won't auto-sign out without it. Prepare by reviewing ABT use, enabling the new timeout, and updating documentation.
Details:
Outlook on the web activity-based timeout is retiring
To simplify session timeout management and improve consistency across Microsoft 365 apps, we're retiring the activity-based authentication timeout (ABT) setting for Outlook on the web. Admins should transition to the Microsoft 365 idle session timeout, which provides a unified experience across supported Microsoft 365 web applications.
When this will happen:
The retirement will roll out in phases based on cloud environment:
Worldwide: Early January 2026 to late January 2026
GCC, GCCHigh, and DoD: Early February 2026 to late February 2026
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-10-02
updated:
2025-10-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Session Management
Without enabling the Microsoft 365 idle session timeout, users will remain signed in indefinitely, increasing the risk of unauthorized access to sensitive information if devices are left unattended.
- roles: End Users, IT Security Team
- references: https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout, https://learn.microsoft.com/microsoft-365/admin/security-and-compliance/idle-session-timeout?view=o365-worldwide
User Experience
Users may experience confusion or frustration due to unexpected session persistence, leading to potential security concerns and lack of clarity on session management policies.
- roles: End Users, Helpdesk Support
- references: https://support.microsoft.com/topic/activity-based-authentication-timeout-for-outlook-on-the-web-in-office-365-0c101e1b-020e-69c1-a0b0-26532d60c0a4
Compliance Risks
Failure to implement the new timeout settings may lead to non-compliance with internal security policies, exposing the organization to potential data breaches.
- roles: Compliance Officers, IT Security Team
- references: https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout
Documentation Gaps
If internal documentation is not updated to reflect the new timeout policy, users and support teams may lack guidance on managing session timeouts effectively.
- roles: IT Documentation Team, Helpdesk Support
- references: https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout
Increased Support Tickets
The lack of automatic sign-out may lead to an increase in support tickets related to session management and security concerns from users.
- roles: Helpdesk Support, IT Support Team
- references: https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#details-about-idle-session-timeout
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago ago
