Microsoft Offers One Sign-In Experience to Rule Them All

Posted on August 3, 2017 by Paul Thurrott in Cloud, Microsoft Consumer Services, Mobile, Office 365, Windows 10 with 19 Comments

Microsoft Offers One Sign-In Experience to Rule Them All

Microsoft is redesigning its account sign-on experiences for both consumers and businesses in an effort to make them more efficient and consistent.

“We’re continuing to make progress on converging the Azure AD and Microsoft account identity systems,” Microsoft’s Alex Simmons explains. “One of the big steps on this journey is to redesign the sign-in UI so both systems look consistent. Today I’m happy to announce that this updated design is in public preview.”

As you may know, Microsoft offers separate cloud-based account types for individuals and for businesses. Individuals can utilize a Microsoft account (MSA), while businesses users have Azure Active Directory (AD). These account types are, in fact, completely separate. But both account types are designed to provide similar services, such as cross-device settings sync and repositories for apps, games, media content, file storage, and more. Also, you can link an MSA to an Azure AD account, and you can sign-in to Windows 10 with either type of account.

To date, Microsoft has provided different experiences when you sign-in to an MSA or Azure AD account on the web. So this week’s preview is a final step towards a consolidated sign-in experience that will be consistent between both account types. So those who have both—virtually all Azure AD account holders will also have an MSA for their personal use—will see a more consistent experience going forward.

As an individual, you can now see this new sign-in experience by visiting any Microsoft site online and signing in with your MSA. For example, the image at the top of this article is from today.

For Azure AD users, the new sign-in experience is now in preview. So you will need to opt-in to the preview the first time you are asked for your credentials.

Either way, the new sign-in experience provides a new “paginated” experience, meaning that you enter your account ID (email address) first and then some credential—a password, an app-based authentication, or whatever—separately, on a second screen. This change seems to have rankled some users on my Twitter stream, but as Microsoft explains, it’s more secure and has a higher sign-in success rate.

The new UI works on both desktop PCs and mobile, and it will be brought to all Microsoft online sites, including the multi-factor authentication experience—in the coming weeks. Microsoft plans to complete the shift to this new experience by the last week of September.


Tagged with , ,

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (19)

19 responses to “Microsoft Offers One Sign-In Experience to Rule Them All”

  1. rameshthanikodi

    I swear this is like the fourth or fifth time they've done something like this.

  2. skane2600

    UWP Passport? In the spirit of the equally silly .NET Passport.

  3. johnbaxter

    The old rule was to never tell the person trying to log in (i.e., the attacker) whether it is the username or the password that is wrong. The paginated method breaks that, admitting that the username (email, phone, etc) is wrong before asking for the password.

    Perhaps the new method is enough more secure to overcome that information leak.

  4. valisystem

    The existence of two different Microsoft identity systems is extraordinarily confusing for non-tech users. For this article, you've adopted "Azure AD" and "Microsoft account" to refer to the two systems. That's a recent development. Microsoft still uses "work or school" and "personal" on its dialogs.

    So I'm not sure whether it's helpful that the login screen will now be identical for sign-ins to both identity services. It removes a visual indicator that could help people stay oriented. Another example: the visual similarity of OneDrive and OneDrive for Business is a real problem for non-tech people trying to find files.

    I dream of a truly unified system where a personal account can be linked to an Azure AD account, allowing single sign-on and access to all MS services. If this screen helps get closer to that goal, great. But by itself, I'm worried that this increases confusion instead of simplifying things.

  5. Roger Ramjet

    hmm. Unified log in to the One cloud. The final conflict can't be far off. Perhaps, "The War of the Edges"?

  6. m_p_w_84

    Looks like the google sign in

  7. Waethorn

    So why do they still insist on asking for the email address first, and then clicking "Next" before having to type the password and clicking Next again?

    Microsoft, do you not think computer users have their big-boy pants on? You can put both fields on a single screen, for crying out loud!

  8. lefffen1

    Still doesn't allow me to copy and paste in my 2FA code from my authenticator app (unless I type in a random number first, then paste and then remove the random number). Every other site lets me do this.

  9. Tony Barrett

    I hope Enterprises have full control over what syncs, because with a single signon for consumers and businesses, there's a lot of crap that could come down to the corporate PC (if you're running Win10 that is, which most aren't)

  10. IanYates82

    I've had this two page login process for months. I put in my address and then before I can type my password (and sometimes that doesn't even show - I guess that's what this article is about) I then get asked if I want my msa or office 365 account (since both have the same address).

    Works quite well. Can't see why people are cranky about it.

  11. Maxpayne

    Well, this is great change. If they are to make these things to a single one, it would save us some time and avoid the hassle of signing in on every other tool we are accessing. This was something they should have done long ago.

    Big Apple Medical Drainable Pouch

Leave a Reply