Microsoft is implementing a significant change to its account authentication system starting in February 2025. Under the new system, users remain signed in to all sessions unless they explicitly sign out.
To better understand the change, It’s worth looking at how sign in is currently handled by Microsoft. When you sign in to a Microsoft account in a web browser, a “Stay signed in” prompt is displayed after you provide a username, password, and optional two-factor authentication verification.
tip: Check out our reviews of the best authenticator apps for Android and iOS.
When you decline, you remain signed in only for the session. When you accept it, you also stay signed in to all sessions. This sign is ending from February.
here are the details:
- This change affects all Microsoft services, including Outlook, OneDrive, Microsoft 365, and other services and products that support login.
- A new global sign out option is available.
security implications
Although this change may seem minor at first glance, it can have serious consequences on shared or public computer systems.
Here, it is necessary to explicitly sign out, because otherwise the next user can access the Microsoft account and linked services.
One way to do this is to use the browser’s private browsing mode on shared or public computer systems. Sign in and any other activity is kept only for the browsing session. Once you close the browser, all data, including Microsoft account data, is no longer available.
Microsoft also suggests using private browsing on devices you don’t own on the sign in page.
The best option is to avoid signing in to any services on computers or devices that you don’t have complete control over.
global sign out option
Microsoft customers who forget to sign out on systems that others have access to can trigger a global sign out to force a sign out on all systems.
Here’s how it works:
- open it Microsoft support page,
- Select the “Sign In” button on the page. A new page opens asking you to sign in, if you haven’t already.
- Scroll down on the Additional Security Options webpage until you reach the Sign out Everywhere section.
- Activate the Sign Out Everywhere link.
- Confirm the prompt by selecting “Sign Out.”
Microsoft notes that this may take up to 24 hours. In other words, there is a 24-hour window in which other people can still access Microsoft account-related services on other devices.
concluding words
This change mostly affects Microsoft customers who sign in to their accounts on public or shared devices. Other people may also be affected, but to a lesser extent.
What is your opinion on the change? How do you handle signing in on the web? Feel free to leave a comment below.
Thanks for reading..
