SOLVED

Windows 10 login with Microsoft account

Brass Contributor

For non-domain computers, is it true that anyone with a valid Microsoft account is able to log in?

E.g., if I were to lose my computer, could someone who found it just log in to the computer with their MS account?

If my e.g. is true, is there a way to secure and restrict it?

1 Reply
best response confirmed by Rui Cabral (Brass Contributor)
Solution

No, that is not correct. Individual Microsoft Accounts have to be enabled for logon on the local computer using an account with local administrative permissions.

The first account you create in OOBE can be a Microsoft Account, but all further accounts on the computer have to be "created" in the Settings -> Accounts -> additional accounts menu. If an account was not previously added there (no matter if it is a local account or an MSA), it cannot be used to log on.

Technically, even a Microsoft Account needs a local representation in the computer's SAM database. Additionally, it has to be added to a local security group that has local logon permissions (Users and Administrators have this by default). To add new accounts to the local SAM database, you already need local administrative permissions. So there is no way to log on with an MSA that was never added to the machine in the first place.

@Rui Cabral 
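One way to check this on a given machine, as an added example that is not part of the original answer: the script below lists every account present in the local SAM, whether it is a local account or a Microsoft Account, and its direct membership in the built-in Users and Administrators groups. It assumes Windows PowerShell 5.1 with the built-in Microsoft.PowerShell.LocalAccounts module and an elevated session; it reports direct group membership only and does not read the "Allow log on locally" user rights assignment.

```powershell
# Added example: enumerate the accounts that exist in the local SAM and show
# which of the default logon-capable groups each one is a direct member of.

# Well-known SIDs are used so the script also works on non-English Windows.
$groupSids = @{
    'Administrators' = 'S-1-5-32-544'
    'Users'          = 'S-1-5-32-545'
}

# Build a map: member SID -> names of the groups it directly belongs to.
$membership = @{}
foreach ($entry in $groupSids.GetEnumerator()) {
    try {
        $members = Get-LocalGroupMember -SID $entry.Value -ErrorAction Stop
    } catch {
        # Enumeration can fail, e.g. when a group holds an unresolvable SID.
        Write-Warning "Could not enumerate $($entry.Key): $($_.Exception.Message)"
        continue
    }
    foreach ($m in $members) {
        $sid = $m.SID.Value
        if (-not $membership.ContainsKey($sid)) { $membership[$sid] = @() }
        $membership[$sid] += $entry.Key
    }
}

# One row per SAM account. An MSA that was never added to the machine
# has no row here and therefore cannot be used to log on.
Get-LocalUser | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        PrincipalSource = $_.PrincipalSource   # e.g. Local or MicrosoftAccount
        Enabled         = $_.Enabled
        LastLogon       = $_.LastLogon
        Groups          = ($membership[$_.SID.Value] -join ', ')
    }
} | Sort-Object PrincipalSource, Name | Format-Table -AutoSize
```

Any enabled row with an unexpected name or a `MicrosoftAccount` source you did not add yourself is worth reviewing, since only a local administrator could have created it.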
