Ensure the option to remain signed in is hidden
Why This Matters
The "Stay signed in" or "Keep me signed in" option creates a persistent refresh token that lasts up to 90 days without requiring reauthentication. If a user selects this option on a shared or public computer, anyone with access to that browser profile can access the user's account, including Microsoft 365 resources and data. Hiding this option reduces the risk of unauthorized access from unattended or shared devices.
What Aether365 Checks
Aether365 verifies that the Microsoft Entra ID company branding policy has the "Show option to remain signed in" setting configured to "No". This check appears in the Aether365 dashboard under the Entra ID category as a low-severity finding.