AAD BrowserSignin on untrusted device and SSO to office.com

Hello @fawkes and @Avi Vaid

Another issue related to https://techcommunity.microsoft.com/t5/discussions/password-protection-for-profiles/m-p/1497836?sear... which I'm struggling with:

From my experience, profiles are always signed in after startup of Edge, even AAD profiles.

If it is not forbidden by Conditional Access, as described in https://techcommunity.microsoft.com/t5/enterprise/azure-ad-conditional-access-for-edge-profile-sign-..., to log on to Edge on untrusted devices, it would be possible that a user logs on to Edge using his AAD credentials + MFA and suffers from SSO, for example when accessing office.com.

If the user doesn't log out from his profile, he will still be logged on after a restart of Edge and can still suffer from SSO to office.com without re-authentication.

I couldn't find any information on whether there is some kind of timeout for re-authentication for a logged-in browser profile, which would help to limit the impact of the described scenario besides enabling Conditional Access rules.

Could you help me out?

Edit: MS Edge on iOS seems to behave differently from Edge on Win10. After signing in to Edge on iOS, I still have to authenticate when accessing office.com.

 

Best regards

Joe

1 Reply
@Johannes Goerlich Thanks for reaching out! We've looped in the Enterprise team and will let you know if they have any insights to share.

Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge