News

Microsoft Rolling Out New Process To Address Account Overlap Confusion

Microsoft today initiated a blocking process to address potential "account overlap" issues when end users sign up to access Microsoft services.

These problems can arise because of the mixing up of personal and work accounts for various reasons. Microsoft currently has two account authentication services. Accounts for personal use are set up as "Microsoft accounts" (formerly known as "Live ID" accounts). Next, there are work accounts known as "Azure Active Directory accounts." Microsoft is currently working on unifying these two account authentication services, but it's been a work in progress so far.

New Approach
In the meantime, Microsoft will start blocking accounts with overlap issues. Starting today, users will get a new dialog box message when they try to sign up for a new Microsoft account using a work or school e-mail address with a domain that's already been set up in Azure AD. The dialog box gives the end user the following message:

You can't sign up here with a work or school email address. Use a personal email, such as Gmail or Yahoo!, or get a new Outlook email.

This new "sign-up block" approach has been in effect as a limited preview for a while, but it's "now active for all domain names that are configured (DNS-verified) in Azure AD," Microsoft indicated, in an announcement. The block process only affects new account creations, though.

Since Microsoft hasn't moved all of its services over to the new approach, the blocking process might not happen for "a small number of Microsoft business services that don't support Azure AD," Microsoft explained.

The account overlap issue can be a problem because some end users may use a company's domain to sign up for various services. Later, they can get confused and try to use a personal account to sign into business services. Microsoft's example is that end users might try to "save a business document to their OneDrive" storage, when using a personal account. It can be especially problematic when end users have used "the same email address" for a Microsoft account and an Azure AD account, although Microsoft is potentially addressing the confusion with the new sign-up blocking behavior.

With regard to creating personal Microsoft accounts, Microsoft offered the following tips for IT pros:

  • If you're an IT pro, do not bulk create personal Microsoft accounts for your employees.
  • If you're an IT pro, don't ask your employees to create personal Microsoft accounts with their work email address.

Creating bulk personal Microsoft accounts can lead to "hard usability and security problems," Microsoft's announcement warned. Instead, organizations should use the self-service account sign-up model that's "built into Windows 10 using Azure AD."

On the second point, the practice of asking end users to create personal Microsoft accounts can just lead to "confusion about who owns the associated content and resources," Microsoft cautioned.

Dev Advice
Microsoft has already been bringing its new "converged identity service" model to developers. They currently can target an "Azure AD v2 authentication endpoint" that Microsoft rolled out in February. It will help address these account overlap issues.

Developers probably should "support both personal and work accounts from Microsoft" with their code, Microsoft advised. The details on how to do that are described in this Microsoft blog post.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • How To Create a Windows Deployment Image, Part 1

    While there are various methods for creating custom Windows deployment images, the process has a reputation for being tedious and convoluted.

  • Azure Cost Management Now Commercially Available for Some Tenancies

    Microsoft on Monday announced that its Azure Cost Management feature had reached the "general availability" release stage for both Azure "pay-as-you-go" customers and Azure Government tenancies.

  • Microsoft Bringing Files Restore Capability to SharePoint Online and Teams

    Microsoft on Monday announced that it's delivering its Files Restore feature for SharePoint Online and Microsoft Teams to Office 365 tenancies as early as this month.

  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.