Edge should explain the privacy implications of signing into sync with a business O365 account

It is possible (and beneficial?) to sign into Edge using a business O365 account. You get a nice O365 new tab page, and you can keep your work bookmarks separate from your personal ones.

However, once you do this, your employer can now see your browsing history. Nothing is private in this profile, even if you are using a personal device. Edge makes no mention or warning of this, and this could potentially lead to people unwittingly handing over sensitive personal browsing history, bookmarks, or other content to their employer.

Sure, people should know that employers can see info on their work accounts and work computers. But it's not as blatantly obvious if you want to sync your work bookmarks to your phone or home computer that the whole profile is now monitored. Also, not everyone is an InfoSec expert. People just won't think about this.

That's not to say it is a bad idea to sign in with O365. It could be a great idea. But users need to be aware of the privacy implications of doing so, or they might absent-mindedly make a browsing choice they regret later.

Edge should warn people about this before they complete the sync sign-in process for a Business O365 account, and should repeat the warning on the Sync Settings page.

Assuming it's not hard to identify a Business account, it should be relatively easy to implement and it's the right thing to do.

---

As evidence, I asked MS Support about this topic. Chat excerpt below:

[Image: live chat w microsoft support.png]

4 Replies

@CharlieMan Thank you for sharing this thoughtful feedback. Data security is a top priority for us on the MS Edge team, so I've looped in our Enterprise Privacy team to make sure that you receive a more comprehensive answer. Please keep an eye out for a response from them during the next business week.

Fawkes (they/them)
Project & Community Manager - Microsoft Edge

We appreciate your patience. Here's what our Privacy team wanted to pass along:

"Hi @CharlieMan,

Thank you for bringing this question to the Edge team. We understand your concern.

Multiple profiles in Microsoft Edge is a great feature for separating your work and personal browsing without needing multiple browsers. Your privacy matters a lot and Microsoft Edge is committed to protecting it.

Your sync data is separated by the account associated with each Microsoft Edge profile. If you're syncing your browsing data to your O365 account managed by your organization (such as your employer or school), your employer may have the ability to access that data. If you're syncing your browsing data to your personal Microsoft account, your employer will not have access to that data.

In addition, your employer may access your browsing data if your device is managed by your employer or if you are using an employer-provided internet connection. If your device is managed by your organization (such as your employer or school), your organization may use centralized management tools provided by Microsoft or others to access and process your data and to control device settings (including privacy settings), device policies, software updates, data collection by us or the organization, or other aspects of your device. This is regardless of the browser you use. Microsoft Privacy Statement

We apologize for any confusion, but please let us know if this addresses all of your concerns and questions.

The team is working on making this content part of our published documentation, and we appreciate you bringing this to our attention!

Thanks,

Microsoft Edge Privacy"

Fawkes (they/them)
Project & Community Manager - Microsoft Edge

@Deleted thanks for the reply. This highlights exactly what my point was: Edge needs to warn people about this behavior.

> If you're syncing your browsing data to your O365 account managed by your organization (such as your employer or school), your employer may have the ability to access that data.

Sharing your entire browsing history with your employer (while in your work profile) has potentially serious privacy implications if the user isn't aware that it's happening.

I (now) know it does this. Will the average user know that nothing is private in their work profile, regardless of what device it's on?

Repeating my feature suggestion because it's even more relevant given the response from the privacy team:

> Edge should warn people about this before they complete the sync sign-in process for a Business O365 account, and should repeat the warning on the Sync Settings page.
>
> Assuming it's not hard to identify a Business account, it should be relatively easy to implement and it's the right thing to do.

I'm not saying it shouldn't be done. I'm just saying you should tell people before they make a mistake they regret.

When it comes to privacy, always over-communicate. Don't assume they know.

@CharlieMan Thanks for the quick follow-up. I brought your recommendation and response to the Privacy feature team, and they wanted to thank you for the great callout and appreciated your commitment to privacy.

We're always looking for ways to improve Microsoft Edge, so perspectives like this are highly valued.

Fawkes (they/them)
Project & Community Manager - Microsoft Edge