Microsoft Edge has an Identity Problem

Right now, it appears that Microsoft Edge is trying to be everything to everyone – which sounds good, until you look at what it could turn into. For enterprise and business, it’s a constantly updated browser that receives frequent Security Baseline recommendations to keep the browser’s settings in line with Microsoft deem as best practise – just like Windows 10/11 and Office apps.

There’s even a ‘Super Duper Secure Mode‘ (which I’m surprised the Microsoft Marketing team approved the name of) which promotes using the browser in the most secure way possible.

Microsoft also provide a fairly open roadmap of upcoming features, and looking for feedback on new items. Check out this list of feedback provided to Microsoft, how long it’s been on their list for, and the status.

The browser itself supports profiles that sign into Azure AD accounts (amongst others) and sync profile data securely to the tenant that account lives in – which can include browser history, favorites, and cached passwords. I’m highlighting here how much trust is put into what Microsoft holds on their business users.

This is the Microsoft I’m a fan of. It’s also why we have openly found out about a new feature currently in canary and dev builds called ‘Buy now, pay later‘. And, it’s also why I’m so disappointed to see this feature, as it flies in the face of what it seems Microsoft is trying to achieve with this trusted, natively embedded in the OS, browser. You can see the angry comments on the TechCommunity post above.

I’d already tweeted my disappointment:

Which lead to a journalist asking for my views for this article:

https://portswigger.net/daily-swig/microsoft-pushes-ahead-with-controversial-buy-now-pay-later-feature-for-edge-browser

I’ll try not to repeat what I wrote there, but it sets a precedent of a slippery slope on where the browser ends and third party features start. Microsoft who have become one of the more ‘woke‘ (which I use as a compliment, not an insult) IT companies, should they really be encouraging ‘buy now, pay later‘ to encourage people borrowing money to buy things online?

What I’m really hoping to see is the retraction of this feature, and it’s why I say Microsoft Edge has an identity problem. It can’t be both a consumer and a business/enterprise solution at the same time, if this is the path Microsoft is taking aspects of the browser down. Do we need to have a consumer SKU and an enterprise SKU of the browser? Different installers?

For the particular feature in question, there doesn’t appear to be a way to turn it off specifically. You CAN turn off ‘Save and fill payment info’ which I expect would disable the Zip pay option, but that’s a handy feature you’re removing from users.

Having Candy Crush baked into Windows 10 Home is questionable, but in Windows 10 Enterprise it’s ridiculous (which thankfully it isn’t). However, it’s in Windows 10 Pro

Am I being too harsh? So many online stores have the Zip pay option on their own store, along with Paypal payment plan options, so does it matter if Edge does it natively too? In my personal opinion it still does matter, because it’s a line that shouldn’t be crossed at all; advertising and the promotion of third party services for profit, native to the trusted browser. If the desktop wallpaper in Windows 10 was changing to promote anything outside of Microsoft services, people would be outraged.

I also expect Microsoft has a reasonable agreement lined up with Zip, which would make reversing this decision harder (or costlier), which will mean they won’t give it up quickly. Historically we have seen Microsoft change direction based on waves of negative feedback – which is awesome – but I’m really unsure if that will be enough this time.

Microsoft needs to decide what Microsoft Edge is. Is it a trusted platform, or is it a vehicle to increase revenue directly through partnerships, making money off the user? If it’s both, then it needs to have a high level switch to allow users and companies to turn off the money making side – especially when we’re already paying for the OS, and the browser is bundled with that.

Edit: I believe this feature will only turn up if you’re signed into the browser’s profile with a Microsoft account – so less of an impact on business users, but the general points still stand. I’ve seen this profile detection behaviour recently, where advertising fo the Microsoft Start app only popped up when I was logged in with a consumer profile, potentially triggered by one of Microsoft’s home pages – having the same home page in an AAD account profile didn’t show:

5 thoughts on “Microsoft Edge has an Identity Problem

  1. That was my bet; a business decision made well over the heads of the Edge developers got turned into a feature, and there’s nothing the development team can do about it.

  2. The core question here is a bit wider than Edge IMO…. they appear to be confused across Win 10 (and 11) as to what their market is….
    The key thing for me is that everything should be addressable/configurable via a GPO and CSP – if its not, then whatever the “feature” is will cause concern to the enterprise market… So sure, introduce this whacky stuff to appease the lawyers, marketing and business people – but just give us admins a efficient way to turn it off/secure it.

  3. I wholeheartedly agree with you – I have been thinking this for a while now too. Every six weeks or so – whenever they would release a new version to the Stable channel – I would be reading through the release notes and new policies list and found myself scratching my head wondering what the hell was going on with the Edge team.

    Legacy Edge was a business-orientated browser that I had a lot of trust in, however when they made the change over to Chromium, it’s obvious that they decided that they were going to move to being a consumer-orientated browser instead. It has been disappointing seeing Microsoft ruining Edge over the last year or so.

    BTW: the “Buy now, pay later” TechCommunity link in the article doesn’t work.

  4. Buy Now, Pay Later is a predatory short-term loan scheme with an upfront discount to lure gullible people in and then slap them with hiddenn fees and skyhigh APR/APY rates. They are “disruptive” and “innovative” startups in the credit market who, like Ubers, Lyfts, and Glovoapps of this world are exploiting legal loopholes to privatize the profits and socialize losses.

    That Microsoft would even consider exposing their customers to those shady companies who are preying on people with low income and low impulse control just to further monetize them even though they are already monetized through windows licensing, cloud subscriptions, and selling of their personal data to advertisers is beyond pale and it should draw some serious regulatory pressure to stop that kind of anti-consumer behavior.

    If I am paying for a Windows Pro license I don’t want to have to also pay for a Windows Server and to spin up an Active Directory domain at home just to be able to reign in their software back to the point where it does what I want, serves my needs, and respects my choices instead of being a platform for promotion of Microsoft and now 3rd party services of questionable legal and moral standing.

    Sadly, as long as irresponsible (or outright bought) “journalists” are gushing the narrative about this new, great, benevolent Microsoft “which has changed so much for the better” that won’t happen.

    Their abuses of dominant market position in the operating system market need to be slapped down with extreme prejudice. It is time to legislate what constitutes valid part of the operating system and internet browser — ads and loan sharks definitely shouldn’t be on that list.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.