Details
This policy setting prevents users from adding new Microsoft accounts on this computer.
The recommended state for this setting is: Users can’t add or log on with Microsoft accounts.
Rationale:
Organizations that want to effectively implement identity management policies and maintain firm control of what accounts are used to log onto their computers will probably want to block Microsoft accounts. Organizations may also need to block Microsoft accounts in order to meet the requirements of compliance standards that apply to their information systems.
Impact:
Users will not be able to log onto the computer with their Microsoft account.
Solution
To establish the recommended configuration via GP, set the following UI path to Users can’t add or log on with Microsoft accounts:
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsAccounts: Block Microsoft accounts
Default Value:
Users are able to use Microsoft accounts with Windows.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.