Microsoft is about to make a major change to how sign-ins work within web browsers. Starting February 2025, you will automatically stay signed in to your Microsoft account. This is a significant change from the current behavior, which would sign out automatically after 24 hours.
The change aligns Microsoft more with Google, which already leaves accounts logged in. But that alignment is not necessarily a good thing. Google has been criticized for this behavior, and Microsoft will likely see some pushback.
The change will save some time for those who use Microsoft accounts on personal computers or within any secure environment. However, unless someone knows about the change, the new behavior could also increase security risks surrounding a Microsoft account.
It's good practice to explicitly sign out of your Microsoft account and other accounts after you've finished using a public or shared PC, but there was a built-in failsafe for those who did not sign out. Signing in an account by accident still leaves your details vulnerable for 24 hours, but after that, your account will be signed out automatically.
Alternatively, you can use private browsing. Microsoft recommends that route as a more secure way to use a public or shared PC.
Microsoft almost rolled out the change without a clear and obvious notification to users. A short note on a Microsoft support document highlights the change, but that page is unlikely to be seen by many. But Microsoft has added a notification within Outlook on the web.
Outlook now shows a warning that states, "Your sign-in experience is changing. You'll stay signed in unless you use private browsing or explicitly sign out."
If you leave a browser signed in to your account on a PC or anywhere else, you can sign out of your Microsoft account remotely. This can be done through advanced security options within the Microsoft account security dashboard. Microsoft also has a guide on how to manage devices that use your Microsoft account.
