Allow Global Session Timeouts for Office 365
I can appreciate the recent addition of a configurable session timeout for SharePoint Online, but there needs to be a way for admins to configure global timeouts for user sessions in Office 365. It is a requirement under NIST 800-171 guidelines that user sessions are timed out after a period of inactivity. For organizations that use Office 365 in the cloud, this is a problem as the supposed default timeout of 8 hours is not working properly. Testing with an unmanaged computer has shown that leaving a user logged into the "Home" page in Office 365 overnight does not trigger the session to expire, despite the user being inactive for over 16 hours.
I'm told that this would be done through the Azure portion of the Office 365 tenant and am posting here at the suggestion of an Azure support engineer.