If the user doesn't log out from his profile he will still be logged on after restart of Edge and still can suffer from SSO to office.com without re-authentication.
I couldn't find any information if there is some kind of timeout for re-authentication for a logged in browser profile which would help to limit the impact of the described scenario besides enabling conditional access rules.
Could you help me out?
Edit: MS Edge on iOS seems to behave different to Edge on Win10. After signin into Edge on iOS i still have to authenticate when accessing office.com.