Microsoft has suddenly started a debate about what even qualifies as a “real” VPN. The reason is a post in X from the official Microsoft Edge account, in which Redmond reminds about the built-in Edge Secure Network VPN feature, a free tool to protect traffic.
IN publications Secure Network is advertised as a simple way to add an extra layer of security, especially when connecting to public Wi-Fi networks like coffee shops, airports and hotels.
However, everything is enabled with just a few clicks through the Edge settings, with a required login to your personal Microsoft account. Users are given 5 GB of traffic per month for free, after which protection is paused until the next billing period. However, streaming services like Netflix and Hulu are not routed through this channel.
It seemed like a nifty integration option, but soon a detailed technical comment from cybersecurity researcher Suraj Satyanarayanan, a Brave employee, appeared under the post. He claims that Edge Secure Network is “not really a VPN” but an HTTP CONNECT proxy powered by the Cloudflare Secure Proxy platform. And it only works inside the browser.
In other words, only traffic passing through Edge is encrypted. Everything else (apps, system updates, email clients, and other processes) continue to use the normal network connection.
In the classic sense, a VPN creates a system tunnel for the entire device, often with features like killswitches and the ability to manually select the connection country. In the case of Edge, there is no such flexibility: the server is chosen automatically, usually the closest geographically.
Microsoft is more precise in its documentation: the company says that the feature “uses VPN technology” to encrypt browser traffic and hide IP addresses from websites. It was also emphasized that this is a basic protection built into the browser and not an official replacement for individual VPN services. However, claims such as “free monthly VPN data protection” have raised questions about whether this is confusing to users.
A separate discussion is raised due to the requirement for authentication through a personal Microsoft account. The company explains this because it is necessary to take into account monthly traffic limits. Critics note that in such a model, protection would be tied to specific user identities. The architecture is built on trust between two parties: Microsoft manages the account and Cloudflare is responsible for routing. Both companies say they do not analyze traffic content or collate data, but there is no independent public audit of the program.
Additionally, by default, Security Network operates in “optimized” mode; Protection may only be activated automatically in situations that the browser considers potentially risky, such as connecting to an unsecured network or visiting non-HTTPS websites. If desired, the user can change the behavior of the function and extend its application.
The question essentially involves terminology and expectations. For some, Edge Secure Network is a convenient free “default” protection. To others, marketing seems bigger than actual technical capabilities. A more detailed public position from Microsoft could finally put an end to the i-word. Let's see if there is an official response from the corporation.
