Configuring the 'keep me signed in' (KMSI) option requires one of the following licenses:
- Microsoft Entra ID P1 or P2
- Office 365 (for Office apps)
- Microsoft 365
You must have the Global Administrator role to enable the 'Stay signed in?' prompt.
How does it work?
If a user answers Yes to the 'Stay signed in?' prompt, a persistent authentication cookie is issued. The cookie must be stored in session for KMSI to work. KMSI doesn't work with locally stored cookies. If KMSI isn't enabled, a non-persistent cookie is issued and lasts for 24 hours or until the browser is closed.
The following diagram shows the user sign-in flow for a managed tenant and federated tenant using the KMSI in prompt. This flow contains smart logic so that the Stay signed in? option isn't displayed if the machine learning system detects a high-risk sign-in or a sign-in from a shared device. For federated tenants, the prompt will show after the user successfully authenticates with the federated identity service.
Some features of SharePoint Online and Office 2010 depend on users being able to choose to remain signed in. If you uncheck the Show option to remain signed in option, your users might see other unexpected prompts during the sign-in process.