Logging In To A PC With A Microsoft Account Is Overrated

Windows 10 - switch to local account

With the collapse of the Microsoft consumer ecosystem, there are fewer reasons all the time to sign into Windows 10 with a personal Microsoft account. I’m finding I frequently set up new computers with classic local accounts and bypass Microsoft’s push to connect the computer to an online account.

Let’s talk a little bit about the pros and cons of logging into Windows with a personal Microsoft account. There are still some good reasons for your computer to be set up that way; it’s just interesting that there are so many less than when this idea was first introduced.


TL;DR

  •  You don’t have to change anything about your current setup. There are minor advantages to logging in to a Windows 10 PC with a Microsoft account, and no disadvantages that require changing your habits.

  •  Set up a new PC with a local account. If you’re going to connect to a Microsoft account, do it after you’ve set the computer name.

  •  You probably won’t notice if you never get around to connecting to a Microsoft account.


What does “logging in with a Microsoft account” mean?

When you set up a new computer, Microsoft makes it appear that a personal Microsoft account is required in order to complete setup. The option to use only a local account is hidden in the small print and requires a couple of clicks to get past the nagging. The connection to an online account is meant to be a wonderful thing – a link to a panoply of rich services, to connections between computers and devices, and to a big walled garden full of Microsoft products.

These days, well, not so much.

A quick overview of the login concept:

  •  When you log into a computer, some authority decides what happens next. Do you have permission to log in on that computer? Do you have permission to install programs on the computer? Are there folders that you don’t have permission to browse?

  •  When you log into a business computer, it’s likely to be a server that makes that decision – a domain controller, either on-site or online. That’s how companies control security on their network.

  •  When you log in to an individual computer with a local account, the computer you’re sitting at consults its own records to see if it recognizes you.

  •  In Windows 10, Microsoft has added the idea of connecting the individual login to a personal Microsoft account. You don’t login with your name, you login with the email address of your Microsoft account. You use the password of your Microsoft account. If you have an @outlook.com or @hotmail.com email address, then the password to log into the computer is the same as your email password.

The computer consults Microsoft to confirm that you’ve entered the correct password and to decide what permissions you have on the computer. More importantly, though, it also connects you to what is meant to be a vast array of Microsoft services, and it syncs various settings so that they match what you’ve done on other devices logged into the same Microsoft account.

In principle, it’s similar to what happens when you log into an iPhone with your Apple account, or an Android phone or Chromebook with your Google account. The difference is that our Apple accounts and especially our Google accounts are becoming more important all the time and tying together services that we use constantly. Each of you probably has more than one thing tied to your Google account that you expect to be synced and readily available and that you draw on constantly. Perhaps it’s your Chrome bookmarks or browsing history, or the pictures stored in Google Photos, or Google Maps destinations, or something else from the Google services that we increasingly depend on. (Perhaps the most important thing is also the most subtle: Google customizes search results based on what it knows about us.)

Logging into a Windows PC was meant to create that same enveloping experience. The problem is, most of the things that Microsoft syncs involves products and services that we don’t use. It is literally meaningless that Microsoft is syncing our bookmarks and browsing history in the Edge browser, or our search requests with Cortana, or something related to Microsoft’s nearly deceased services for music or video. We don’t use those things. It just doesn’t matter.

Microsoft account versus local account

Microsoft’s explanation above of the differences between signing in with a Microsoft account and a local account highlights the problem for Microsoft. The first two “advantages” of signing in with a Microsoft account are irrelevant to most Windows users. (1) Microsoft may wish things were different but we don’t download apps from the Windows Store. (2) As for “getting online content in Microsoft apps automatically,” the only one that we might use is OneDrive, and it’s easy to set up separately.

Windows 10 sync settings

That means the only advantage comes from syncing various Windows 10 settings, as shown in the above screen shot from Settings / Accounts / Sync your settings. Some of those choices are mildly useful, and you might feel some of them are just wonderful. If you enjoy having the same wallpaper synced between your desktop and laptop computers, for example, the setting for “Theme” is what makes that happen. We don’t save passwords in Windows (with one exception – see below), and very few of us change our language preferences once they’re set, so syncing those settings isn’t very interesting. Ease of access settings are crucial for those who depend on them, not so much for most people. There’s “Other Windows settings,” which covers some pretty minor things – printer and mouse options, File Explorer settings and notification preferences. (The complete list is here.)


What are the disadvantages of signing in with a Microsoft account?

Privacy and security  There is a privacy and security aspect of linking the computer login to a Microsoft account: if you share your login password with a co-worker or family member, or if your computer login is hacked (copied down by the person sitting next to you at Starbucks, say), it unlocks more than just your computer. Logging into the online portal for that Microsoft account provides access for quite a number of Microsoft apps and services, and potentially could even expose a credit card on file with Microsoft. Those dangers are mostly theoretical – but not completely. It’s one of the reasons that using a PIN to log into your computer (Settings / Accounts / Sign-in Options) is arguably more secure than typing in your password: the PIN is local to the device and is not synced online.

Confusion  Microsoft explains it, I explain it, but let’s face it, if you’re a non-technical person – do you know if you’re logging in to your computer with a Microsoft account? Is it a personal account or a “work or school” account? If your files are stored in OneDrive, do you know if it’s the personal OneDrive or OneDrive for Business? Microsoft’s dual systems of authentication make this far more difficult to understand than it should be, even for technical professionals.

windows10_syncsettings_mssupport

Let me give you an example. The above screen shot shows Microsoft’s support page about this topic, titled “About sync settings on Windows 10 devices.” The second sentence:

“Sync settings also works if you sign in with a work or school account linked to your Microsoft account.”

I study the relationship between Microsoft’s personal and work accounts obsessively. I believe its failure to name them and communicate about them clearly is at the root of Microsoft’s failure in the 21st century. I can tell you with a high degree of confidence that the above sentence does not make any sense. Not only are personal accounts not consistently called “Microsoft accounts,” but there is no way to link a personal account and a work account in any way that relates to syncing in Windows 10. I’m not sure what they were trying to communicate in that sentence but trust me, there’s no way to understand it here in the outside world. That’s what I mean by “confusion.”

Does not include Office settings  There is no meaningful syncing of anything to do with the Office programs, and there should be. There is really no excuse for it. Your Outlook signatures won’t be synced. Your custom dictionary and changes to AutoCorrect won’t be synced. Your layout preferences in Outlook won’t be synced. It’s part of where Microsoft has dropped the ball in moving us to an online, cloud connected world, and left an opening that Google has been merrily exploiting.


What are the advantages of signing in with a Microsoft account?

When you set up a new computer and log in with a Microsoft account, you might save as many as three, maybe four, minutes because of the settings that are synced so they don’t have to be set up manually. Gosh! What will you do with the free time?

There are four things I can think of that might cause you to benefit from having your computer linked to an online personal Microsoft account.

Family features and parental control  Windows has rich features for parents to control login privileges, apps, and computer usage for kids in the household. Each login has to be linked to a Microsoft account to use those features. It’s good stuff if you need it.

Find your PC  if you have a laptop and sign in with a Microsoft account (or a business office 365 account), the laptop will periodically register its location with Microsoft. You can see its last recorded location from the Devices page at Microsoft. You can imagine that this might be important if your laptop is lost or stolen.

Bitlocker recovery key  A hard drive on a laptop with Windows 10 Professional or Enterprise can be encrypted with Bitlocker for security. Some laptops have Bitlocker turned on by default when they are shipped. Look in Control Panel / System & Security / Bitlocker Drive Encryption to see if it’s turned on for your computer. A recovery key – a long string of numbers – is required to decrypt the drive. When you sign in with a Microsoft account, the Bitlocker recovery key is stored online with Microsoft and can be accessed later. (If you sign in with a business Office 365 account, the account administrator can look up the key.)

The recovery key is only required if you have a legitimate need to access the data on the drive when the drive is removed from the laptop (for example, after a complete system collapse), or when the motherboard is replaced. The whole point of Bitlocker is that the drive can’t be read by someone who steals your laptop and doesn’t know your password.

I was just able to assist a client by obtaining his Bitlocker recovery key last week while a Lenovo technician was replacing the motherboard. This was incredibly valuable. As it happens, it’s also the first time I’ve ever needed to do that in 20 years of working with hundreds of clients. But if you need it, it’s very important.

Wi-Fi passwords  For some reason this is rarely mentioned, but it might be the best reason to sign in with a Microsoft account. Microsoft syncs the WPA wi-fi security codes memorized by your laptop when you type them in and check the box to “Always connect.” If you replace your laptop and sign in with the same account, it will immediately know the passwords to all the Wi-Fi networks. That is a wonderful thing.

Is that enough to justify the time spent puzzling out Microsoft’s account settings? Oh, I dunno. It’s not bad. Not exactly a compelling array of advantages but . . . not bad.


Setup tip: start with a local account, add the Microsoft account later

Microsoft has an odd quirk built into Windows 10. It automatically generates a name for the computer, typically DESKTOP or LAPTOP followed by an alphanumeric string. Your computer name will initially be something like DESKTOP-5JNNQ07 or LAPTOP-6QSNKG4.

When you sign in with a Microsoft account, Microsoft stores the computer name in various places – Find Your PC, the Devices page, perhaps in its records relating to licenses or apps. It records whatever the computer name is at the time of the first sign in to the Microsoft account – and crucially, Microsoft does not update the computer name if it is changed later.

If you are trying to use Find Your PC to locate your lost laptop, and you can’t tell which device it is because the name is impenetrable, you will be the teensiest bit put out by the experience. I think I would describe my mood as “Furious, with intent to kill” when that has happened to me.

When you’re setting up a new PC, log in with a local account. As one of your first setup tasks, go to Settings / System / About, and change the name of the computer to something you recognize. Then and only then, go back to Settings / Accounts / Your Info and connect to your personal Microsoft account, if you choose.