Microsoft will implement changes to its authentication system in February 2024, allowing users to remain signed in to their accounts even after closing the browser. The announcement was made on the company’s technical support page.
Under the new policy, signing in to a Microsoft account via a browser or application on any device, including public computers, will automatically maintain the user’s session by default. This means that subsequent users of the same device could gain access to Outlook emails, OneDrive files, and search history.
This change poses potential security risks, as emails, cloud-stored files, and even search history may remain accessible to anyone using the device afterward. Microsoft suggests using the browser’s private browsing mode to avoid saving authentication data as a precaution.
The new feature mirrors Google’s account system, where users also remain signed in until they explicitly log out. To enhance security, Microsoft recommends enabling two-factor authentication, particularly when using public or shared devices.
While this update may prove convenient for users working exclusively on personal devices, as it streamlines access to services, it necessitates heightened caution when operating on public computers. Users are strongly advised to manually sign out to prevent unauthorized access.
Microsoft has not yet issued public statements explaining the rationale behind this change, but it is speculated that the company aims to simplify the user experience for those who frequently rely on browser-based services rather than standalone applications. The changes are expected to take effect on February 1, and Microsoft may introduce additional user notifications about the updated authentication policies.
