SWA security model
Auto-login for non-SSO apps is handled as part of the access management workflow, not as a convenience-only feature.
- SWA credentials are stored as Lockbox-encrypted data on the server side.
- The extension runs on auto-login target pages, and permission-scope reduction is tracked as a security improvement before production distribution.
- Credential use, autofill failures, and key activity can connect to audit logs.
