Microsoft Edge: Sign in to Edge with a Google account

🚨 The Signal: Microsoft Edge now allows signing in with a Google account, alongside Microsoft accounts. This introduces a new identity vector for browser profiles, potentially complicating identity management and data segregation for organisations.

The Impact

All users are affected by the option to sign in with Google accounts, increasing the risk of unmanaged data synchronisation and identity sprawl.

  • End Users: May inadvertently sync corporate data to personal Google profiles.
  • Security Teams: Increased complexity in monitoring and auditing browser profile identities.
  • Admins: New policy required to prevent unapproved non-Microsoft account sign-ins.
  • Compliance Officers: Potential for data exfiltration via unmanaged Google profiles.

The Action

  1. Review existing browser management policies for Microsoft Edge.
  2. Set the 'NonMicrosoftAccountSignInEnabled' policy to 'Disabled' via Group Policy or Intune to prevent Google account sign-ins.
  3. Communicate updated browser usage policies to end-users, emphasising the use of corporate Microsoft accounts.
  4. Audit existing Edge profiles for any non-compliant Google account sign-ins.
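
One way to check steps 2 and 4 on a single Windows device, as an added example that is not part of the original notice or Microsoft's own tooling: it reports the policy state and lists Edge profiles signed in with an account outside the approved domains. It assumes Edge reads machine policy from HKLM:\SOFTWARE\Policies\Microsoft\Edge with 'Disabled' stored as DWORD 0, and that each profile's account is recorded under profile.info_cache.<profile>.user_name in the "Local State" file, as in Chromium; the approved domain is a placeholder.

```powershell
# Added example: verify the policy from step 2 and audit profiles for step 4.
# Assumptions (not from the page): policy registry location and DWORD 0 = Disabled,
# and the Chromium-style profile.info_cache.<dir>.user_name field in "Local State".
$PolicyName      = 'NonMicrosoftAccountSignInEnabled'   # name as given on this page
$PolicyKey       = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$ApprovedDomains = @('contoso.example')                 # placeholder: your tenant domains

function Get-EdgePolicyState {
    # A missing value means the policy is not configured on this device.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$PolicyName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-EdgeProfileAccounts {
    # Reading other users' profile directories requires an elevated session.
    $usersRoot = Join-Path $env:SystemDrive 'Users'
    foreach ($userDir in Get-ChildItem -Path $usersRoot -Directory -ErrorAction SilentlyContinue) {
        $localState = Join-Path $userDir.FullName 'AppData\Local\Microsoft\Edge\User Data\Local State'
        if (-not (Test-Path -LiteralPath $localState)) { continue }
        try {
            $state = Get-Content -LiteralPath $localState -Raw -Encoding UTF8 | ConvertFrom-Json
        } catch {
            # Windows PowerShell 5.1 can reject some Local State files; report and move on.
            Write-Warning "Could not parse $localState : $_"
            continue
        }
        $cache = $state.profile.info_cache
        if ($null -eq $cache) { continue }
        foreach ($p in $cache.PSObject.Properties) {
            $account = [string]$p.Value.user_name
            if ([string]::IsNullOrWhiteSpace($account)) { continue }   # profile not signed in
            $domain = ($account -split '@')[-1].ToLowerInvariant()
            [pscustomobject]@{
                WindowsUser = $userDir.Name
                EdgeProfile = $p.Name
                Account     = $account
                Approved    = $ApprovedDomains -contains $domain
            }
        }
    }
}

"Policy $PolicyName : $(Get-EdgePolicyState)"
Get-EdgeProfileAccounts | Where-Object { -not $_.Approved } | Format-Table -AutoSize
```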

Domain: Intune · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860