537277 – Microsoft Edge: Password affiliation service

Product:

Microsoft Edge

Platform:

Web, World tenant

Status:

In development

Change type:

Links:

Details:

Password autofill suggestions in Edge are currently based on top-level domain matching, which means the same credentials can be suggested on sites like account.microsoft.com and office.microsoft.com. With this feature, Edge groups related domains together across various desktop and mobile properties called affiliations. When a customer visits a URL, the Edge client will query the affiliations backend to obtain “affiliated groups” for that URL. The process involves sending a hash of the visited URLs to the service, which then returns a list of affiliated URLs and ensures that the relevant credentials will be displayed in the autofill suggestions across affiliated domains. Admins can control access to this feature using the PasswordManagerEnabled policy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-12-18

updated:
2025-12-18

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Password Autofill Security Risks
If the change is implemented without preparation, users may experience security risks due to incorrect autofill suggestions across affiliated domains, potentially leading to credential leakage or phishing attacks.
   - roles: End Users, IT Security Administrators
   - references: https://www.csoonline.com/article/3531230/the-risks-of-password-autofill.html, https://www.zdnet.com/article/how-to-secure-your-passwords-in-2023/

User Experience Disruption
Unprepared changes may lead to confusion among users when incorrect credentials are autofilled, resulting in failed logins and frustration, negatively impacting productivity.
   - roles: End Users, Help Desk Support
   - references: https://www.forbes.com/sites/bernardmarr/2021/01/25/the-importance-of-user-experience-in-technology/?sh=5c1c1c1e7b5d, https://www.nngroup.com/articles/why-user-experience-matters/

Configutation Options**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Imagine you have a set of keys that open different doors in a building. Each key is labeled with the name of the door it opens. Now, imagine you have two doors, one labeled "Main Office" and another labeled "Conference Room," and both are part of the same building. In the past, you might have needed separate keys for each door, even though they are part of the same structure.

In the digital world, this is similar to how password autofill worked in web browsers like Microsoft Edge. Previously, passwords were suggested based on the exact website you were visiting, much like needing a specific key for each door. For example, if you had a password saved for "account.microsoft.com," it might not automatically suggest the same password for "office.microsoft.com," even though both are part of the Microsoft ecosystem.

Now, Microsoft Edge has introduced a feature that groups related websites together, much like having a master key that can open all doors within the same building. This means that when you visit a website, Edge can recognize if it is part of a group of related sites and suggest the same password for all of them. This is done by sending a coded version of the website address to a service that returns a list of related sites, ensuring that your passwords are suggested across all affiliated domains.

For managers, HR staff, or lawyers, this means a more seamless and efficient experience when accessing different parts of a company's online services. It reduces the need to remember multiple passwords for related sites, much like how a master key simplifies access to different rooms in a building. Admins can also manage this feature through specific policies, allowing them to control how it is used within their organization.