PAD in unattended mode on Azure VM auto-signs out every 24h despite idle/active sessions.

Like (0) Share

Report

Posted on 8 Jul 2025 04:29:07 by GS-08070407-0

We are running Power Automate Desktop (PAD) in unattended mode on an Azure VM, and the PAD application is getting automatically signed out every 24 hours, regardless of session activity (idle or active).

Initially, PAD was configured using a personal organizational account, but to address the issue, we switched to a dedicated service account.

For this service account: MFA is disabled A Conditional Access policy was updated in Azure Entra to adjust token expiration The service account was added to a group excluded from frequent MFA prompts and session sign-outs.

The refresh token is expected to remain valid indefinitely In addition, VM session limit and timeout settings have been reviewed and configured accordingly.

Despite these changes, PAD continues to sign out every 24 hours. We request urgent support to identify the root cause and help us maintain a persistent sign-in state for PAD in this unattended setup.

Categories:

Process Advisor

I have the same question (0)

All responses (1)

Answers (0)

Suggested answer

Riyaz_riz11 3,656 Super User 2025 Season 2 on 08 Jul 2025 at 05:00:13

Like (1)

Report
PAD in unattended mode on Azure VM auto-signs out every 24h despite idle/active sessions.

Hi,

1. Use PAD with Machine Runtime & Unattended Setup

Ensure you're using Power Automate Machine Runtime with these steps:

Use Power Automate Machine Runtime installer, not just PAD UI.

Register the Azure VM as a machine in Power Platform Admin Center.

Create a Machine Group if necessary.

Assign the service account with Unattended RPA license.

Cloud flows should trigger PAD flows via the “Run desktop flow” action.

This method does NOT require the PAD UI to be signed in persistently. It uses machine credentials and runs headless.

2. Avoid Opening PAD UI Manually

If the PAD application UI is opened and logged in manually, it will timeout after 24 hours even with no idle time.

Instead:

Schedule or trigger flows via Cloud flows.

Avoid using the PAD UI login unless actively debugging.

3. Review Entra ID Token Policies (If Still Needed)

Though you’ve already set these, verify:

Access token lifetime policy is NOT explicitly set to 24h.

If needed, use PowerShell to check token settings:

Get-AzureADPolicy

Also verify that Sign-in frequency in Conditional Access is:

Not set (defaults to indefinite) or

Set to "Every 30 days" or higher for the excluded service account group.

4. Optional – Use Hybrid Join (If Cloud-Only Is Failing)

If your Azure VM is Azure AD Joined only, try converting it to Hybrid Azure AD Join (i.e., also joined to local AD + Entra ID). This can improve token caching and persistent login behavior.

If I have answered your question, please mark it as the preferred solution ✅ . If you like my response, please give it a Thumbs Up 👍.
Regards,
Riyaz

Was this reply helpful? Yes No