By default, Microsoft Dynamics 365 Government sets a user session timeout of 8 hours. A user is not required to log in with their credentials for up to 8 hours regardless of whether the user was active or inactive.
With the implementation of the Security enhancements: User session and access management, you can now set your own session timeout limit for your individual Dynamics 365 instances.
For greater flexibility and better customer experience, we are moving the maximum session timeout duration from 8 hours to 24 hours. This would allow you to set a custom session timeout duration between 1 hour and 24 hours.
If you need to maintain the 8-hour session timeout duration, you will need to set a custom session timeout for all your Dynamics 365 instances.
Please refer to FedRAMP guidance on recommended activity and session timeout parameters for your organization.
Please see highlights of these enhancements in the following video: Security Enhancements: User session management.