Accounts Basics (23H2)

Windows 11 supports different types of accounts that can behave differently depending on how they're configured and used.

For example, you can sign in to Windows using a Microsoft account, a work or school account, or a local account. But you can also add additional online accounts to access email, apps, and other services from within that sign-in. And you can, of course, configure multiple sign-in accounts on the same PC, so that different users can have their own custom environments, apps, and data.

Complicating matters, each sign-in account is assigned a set of permissions that determines whether they have full administrative rights over the PC. And while many users who sign in to Windows 11 will be using an online account, some still use an offline account, which comes with certain limitations.
Understand the different types of accounts
Confused? Let's step through the various types of accounts you'll encounter in Windows 11, and see how they interoperate and overlap.
Sign-in accounts
A sign-in account--sometimes called a user account--is an account you use to sign in to Windows 11 on your PC. It can be a Microsoft account, a work or school account, or a local account.
Microsoft accounts are discussed further in Microsoft Accounts. Work or school accounts are discussed further in Work or School Accounts. And local accounts are discussed further in Local Accounts.
When a sign-in account has a password--which it should, though passwords are optional with local accounts only--Windows 11 forces you to create an alphanumeric passcode called a PIN so that you can use it to sign in more easily. Most PINs are just four characters long, but they provide a small additional layer of security by being different from your password. And ideally, you will use a different PIN on each PC you use.

Windows 11 will also recommend that you configure and use other forms of Windows Hello authentication, including facial and fingerprint recognition, depending on the capabilities of your PC. These methods further secure your PC because they are unique to you and hard if not impossible to spoof.
You can learn more about Windows Hello PINs and facial and fingerprint recognition in Windows Hello and Dynamic Lock.
Online and offline accounts
Windows 11 supports both online and offline accounts. You can use either to sign in to Windows 11. But email and app accounts, which are configured from within Windows, are only online accounts.

An online account is an account that can only be created when the PC you're using is online and connected to the Internet. Microsoft accounts and work or school accounts are both online accounts.

A local account is the only offline account type, and it can only be used to sign in to Windows 11. Unlike online accounts, offline accounts can be created when offline.
Managed and unmanaged accounts
There is also this concept of managed accounts and unmanaged account types.

A managed account is an account that is cen...