Skip to content

Secure your Azure Management portal

Today a quick tip to secure your Azure Management Portal. By default, the inactivity timeout of the Azure Management portal is set to ‘Never’. From a security perspective, this is far from ideal. This small setting can be easily overlooked. It’s a good idea to configure this for your tenant.

Administrators can set this value themselves. Global administrators are able to set this value globally. When configuring this setting, your administrators will be logged out when they are inactive for a period of time. You can change this setting from the Settings pane in the Azure portal.

An overview of the portal settings
  1. Set the time-out on directory level
  2. This is the time-out setting per user

Enable directory level idle timeout

To set the time-out on directory level, click “Configure directory level timeout” from the Settings pane in the Azure portal. Here you can set the value, for example, 30 minutes.

Override the directory inactivity timeout policy

New sessions will now honor the new default time-out. Administrators can override this setting, but only with a value less than de directory default.

Update 16-06-2020 (MCAS Portal)

When using Microsfot Cloud App Security, you can set the time-out for the portal in the settings pane.

Setting this time-out for your users is another step in the right direction in order to tighten the level of security in your environment. Stay safe!

Leave a Reply

Your email address will not be published. Required fields are marked *