Windows 10 login with microsoft account

Brass Contributor

For non-domain computers, is it true that anyone with a valid Microsoft account is able to login?

e.g. If I would to loose my computer could someone that found it just login to the computer with their MS account?

if my e.g. is true, is there way to secure and restrict it?


1 Reply
best response confirmed by Rui Cabral (Brass Contributor)

No, that is not correct. Individual Microsoft Accounts have to be enabled for logon on the local computer using an account with local administrative permissions.

The first account you create in OOBE can be a Microsoft Account, but all further accounts on the computer have to be "created" in the settings -> accounts -> additional accounts menu. If an account was not previously added there (no matter if it is a local or MSA) it cannot be used to logon.

Technically, even a Microsoft Account needs a local representation in the computers SAM-Database. Additionally it has to be added to a local security group that has local logon permissions (users and administrators have this by default). To add new accountrs to the local SAM-Database, you already need local administrative permissions. So no way to logon with a MSA that got never added to the machine in the first place.

@Rui Cabral