Need Keep Me Signed In Back in 365

C.Wade · ‎09-27-2018

Our use case is a bit odd but here we go:
We use a script called OneDriveMapper in Citrix to map users’ OneDrives to a virtual drive which minimizes redundant caching of files. OneDriveMapper makes use of session tokens stored in IE to authenticate to 365 - not a problem with Duo as we bypass MFA while in Citrix.

The problem we’ve come across is that some users are no longer prompted with “Keep Me Signed In” on the 365 login page meaning the token is not generated thus as user passwords are expiring so are the tokens, breaking the drive mapping.

Is it possible to bring back KMSI? We do not federate on-premises so the usual ADFS config change to turn on KMSI won’t work.

DuoKristina · ‎09-28-2018

Are you using the Duo custom control for Azure AD conditional access. I don’t believe that the Duo control itself has any effect on Azure’s KMSI functionality. Have you tried playing with Azure’s token lifetimes? https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes
https://blogs.technet.microsoft.com/enterprisemobility/2017/08/31/changes-to-the-token-lifetime-defaults-in-azure-ad/

Duo, not DUO.

Need Keep Me Signed In Back in 365

ThousandEyes Enterprise Agent: How to Renew a Self-Signed Certificate

ACI: Remote Leaf で back-to-back の冗長経路利用時に一部の tunnel が落ちる

Umbrella: Microsoft 365 のテナント制御 (コントロール) について

[Tetration] Signed Script 実行時の 401 Unauthorized エラー

Using ThousandEyes Internet Insights to Monitor Office 365 Outages