Microsoft Wants You to Trust Edge but Then Leaves Passwords in Cleartext

This Week in IT

This Week in IT

LISTEN ON:

This Week in IT, Microsoft Edge is exposing passwords by design, shadow AI agents are lurking on your endpoints, and Azure is quietly pulling the plug on VMs you’re probably still running.

Episode overview

1. Microsoft Edge Stores All Saved Passwords in Plaintext RAM — “By Design”

A Norwegian security researcher discovered that Microsoft Edge decrypts and loads every saved password into process memory in cleartext at startup, and keeps them there for the entire session, even for sites you never visit. Microsoft confirmed this is intentional. No other Chromium-based browser behaves this way.

Links:

2. Agent 365 Discovers Shadow AI Agents on Endpoints

Microsoft Agent 365, now generally available, is introducing new capabilities through Defender and Intune to discover and manage local AI agents running on Windows devices starting with OpenClaw and expanding to Claude Code and GitHub Copilot CLI. A new Shadow AI page in the Microsoft 365 admin center gives IT teams visibility into unmanaged agents. Full context mapping, policy-based controls, and runtime blocking arrive in public preview in June 2026.

Links:

3. Microsoft Retiring 17 Azure VM Sizes

Microsoft will stop taking one-year reservations for 13 Azure VM instance types (including D, Ds, Dv2, Dsv2, F, Fs, Fsv2, G, Gs, Ls, Lsv2, Av2, Amv2, Bv1) on July 1, 2026, with full retirement in May and November 2028. Four additional types (Dv3, Dsv3, Ev3, Esv3) lose reservation eligibility but remain operational beyond 2028. All affected instances run on Intel Haswell, Skylake, or Cascade Lake hardware.

Links: