by Char Hunt | TechChurn Senior Staff Writer

February 2, 2025

Microsoft says it will keep users automatically signed in starting in February 2025

A few weeks ago, Microsoft quietly announced that it’s planning to change the sign-in experience for personal Microsoft accounts on the web in February 2025. Starting this month, users will no longer see the option to stay signed in or not after entering their credentials, which means that they will need to be more careful when using devices they don’t own.

“The web browser sign-in experience is changing when you sign in to any product or service using your Microsoft account. Starting in February 2025, you will stay signed in automatically unless you sign out or use private browsing,” the company explained in a support page.

Yep — you read that correctly…

Once the change goes into effect, the sign-in experience will be very different. The software juggernaut recommends users accessing their Microsoft account on a device they don’t own to either sign out when they’re done or use a private browsing window. The latter prevents history, cookies, and other site data from being saved on the device.

This means that if you sign into your Microsoft account to check your emails in Outlook or access your OneDrive on a public computer (or a perhaps that of a colleague, or a friend’s device) you'll no longer be automatically signed out afterwards -- even if you close the browser entirely.

In short, your emails, cloud files, and even your search and browsing history will remain accessible to anyone who uses that device.

It potentially leaves your personal data vulnerable.

According to Microsoft, users will be able to circumvent the new sign-in setting by accessing their account while using the private browsing feature on their browser of choice.

So far, Microsoft is implementing this change for less than transparent reasons. However, it will likely take time for people who regularly access their Microsoft account on other devices to get used to it

In any case, the Microsoft account security dashboard makes it possible for users to sign out of apps, browsers, and anywhere else their account is used to sign in.

I know.. it's a strange shift from Microsoft

The real question: why?

Automatically signing out in-browser users is a common staple of many software accounts, especially those that might be accessed from multiple devices.

Personally, the need to log into multiple accounts it the start a normal work day morning. Shouldn't it be an opt-in feature instead of the new default. The potential security risks are notable and I'm guessing the change will be active from February 1st.

Microsoft could introduce a new pop-up or warning message informing users that they won’t be logged out automatically when they close the window unless they’re using private browsing. A friend did notice the prompt earlier this week. (I suppose more of the same will follow.)

If I had to guess, I’d say that this move is for the convenience of frequent users; although dedicated desktop apps for software like Outlook and OneDrive exist, there’s no doubt that a large cohort of Microsoft account holders would like to keep things old-school and access their emails and cloud storage via a browser instead. I get it — Gmail doesn’t have a standalone desktop app for Windows, but I’d probably still just open it in a browser tab anyway, even if it did.

But, it’s important to note that Microsoft's upcoming change seems to replicate the way Google accounts already work, meaning the same potential security issues apply here.

What does that mean for you?

In a similar fashion, if you don't have two-factor authentication activated, and your leave your Google account logged in on a device, you effectively remain signed in unless you log out, or use private browsing.

If you like this and other posts then you might want to subscribe.

Whichever you decide, thank you for reading!

Refer a friend