Microsoft Rolling Out New Process To Address Account Overlap Confusion

Microsoft today initiated a blocking process to address potential "account overlap" issues when end users sign up to access Microsoft services.

These problems can arise when personal and work accounts get mixed up, which happens for various reasons. Microsoft currently has two account authentication services. Accounts for personal use are set up as "Microsoft accounts" (formerly known as "Live ID" accounts). Work accounts are known as "Azure Active Directory accounts." Microsoft is working on unifying these two account authentication services, but it's been a work in progress so far.

New Approach
In the meantime, Microsoft will start blocking accounts with overlap issues. Starting today, users will get a new dialog box message when they try to sign up for a new Microsoft account using a work or school e-mail address with a domain that's already been set up in Azure AD. The dialog box gives the end user the following message:

You can't sign up here with a work or school email address. Use a personal email, such as Gmail or Yahoo!, or get a new Outlook email.

This new "sign-up block" approach has been in effect as a limited preview for a while, but it's "now active for all domain names that are configured (DNS-verified) in Azure AD," Microsoft indicated, in an announcement. The block process only affects new account creations, though.

Since Microsoft hasn't moved all of its services over to the new approach, the blocking process might not happen for "a small number of Microsoft business services that don't support Azure AD," Microsoft explained.

The account overlap issue can be a problem because some end users may use a company's domain to sign up for various services. Later, they can get confused and try to use a personal account to sign into business services. Microsoft's example is that end users might try to "save a business document to their OneDrive" storage, when using a personal account. It can be especially problematic when end users have used "the same email address" for a Microsoft account and an Azure AD account, although Microsoft is potentially addressing the confusion with the new sign-up blocking behavior.

With regard to creating personal Microsoft accounts, Microsoft offered the following tips for IT pros:

  • If you're an IT pro, do not bulk create personal Microsoft accounts for your employees.
  • If you're an IT pro, don't ask your employees to create personal Microsoft accounts with their work email address.

Creating bulk personal Microsoft accounts can lead to "hard usability and security problems," Microsoft's announcement warned. Instead, organizations should use the self-service account sign-up model that's "built into Windows 10 using Azure AD."

On the second point, the practice of asking end users to create personal Microsoft accounts can just lead to "confusion about who owns the associated content and resources," Microsoft cautioned.

Dev Advice
Microsoft has already been bringing its new "converged identity service" model to developers. They currently can target an "Azure AD v2 authentication endpoint" that Microsoft rolled out in February. It will help address these account overlap issues.

Developers probably should "support both personal and work accounts from Microsoft" with their code, Microsoft advised. The details on how to do that are described in this Microsoft blog post.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

