Microsoft Offers One Sign-In Experience to Rule Them All

Microsoft Offers One Sign-In Experience to Rule Them All

Microsoft is redesigning its account sign-on experiences for both consumers and businesses in an effort to make them more efficient and consistent.

“We’re continuing to make progress on converging the Azure AD and Microsoft account identity systems,” Microsoft’s Alex Simmons explains. “One of the big steps on this journey is to redesign the sign-in UI so both systems look consistent. Today I’m happy to announce that this updated design is in public preview.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

As you may know, Microsoft offers separate cloud-based account types for individuals and for businesses. Individuals can utilize a Microsoft account (MSA), while businesses users have Azure Active Directory (AD). These account types are, in fact, completely separate. But both account types are designed to provide similar services, such as cross-device settings sync and repositories for apps, games, media content, file storage, and more. Also, you can link an MSA to an Azure AD account, and you can sign-in to Windows 10 with either type of account.

To date, Microsoft has provided different experiences when you sign-in to an MSA or Azure AD account on the web. So this week’s preview is a final step towards a consolidated sign-in experience that will be consistent between both account types. So those who have both—virtually all Azure AD account holders will also have an MSA for their personal use—will see a more consistent experience going forward.

As an individual, you can now see this new sign-in experience by visiting any Microsoft site online and signing in with your MSA. For example, the image at the top of this article is from Bing.com today.

For Azure AD users, the new sign-in experience is now in preview. So you will need to opt-in to the preview the first time you are asked for your credentials.

Either way, the new sign-in experience provides a new “paginated” experience, meaning that you enter your account ID (email address) first and then some credential—a password, an app-based authentication, or whatever—separately, on a second screen. This change seems to have rankled some users on my Twitter stream, but as Microsoft explains, it’s more secure and has a higher sign-in success rate.

The new UI works on both desktop PCs and mobile, and it will be brought to all Microsoft online sites, including the multi-factor authentication experience—in the coming weeks. Microsoft plans to complete the shift to this new experience by the last week of September.

 

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 19 comments

  • rameshthanikodi

    03 August, 2017 - 6:11 am

    <p>I swear this is like the fourth or fifth time they've done something like this.</p>

  • m_p_w_84

    03 August, 2017 - 6:23 am

    <p>Looks like the google sign in</p>

  • IanYates82

    Premium Member
    03 August, 2017 - 6:38 am

    <p>I've had this two page login process for months. I put in my address and then before I can type my password (and sometimes that doesn't even show – I guess that's what this article is about) I then get asked if I want my msa or office 365 account (since both have the same address). </p><p>Works quite well. Can't see why people are cranky about it. </p>

    • DaveHelps

      Premium Member
      03 August, 2017 - 8:04 am

      <blockquote><a href="#163614"><em>In reply to IanYates82:</em></a></blockquote><p>Agreed. On my home PC, if I enter my outlook.com address it proceeds to auto signin, as the account is linked to Windows and the device is trusted. If I enter my Office 365 account address it goes to a password screen (which LastPass auto fills) and then my phone dings with a 2FA alert.</p><p><br></p><p>Seems pretty much perfect to me.</p>

    • RamblingGeek

      03 August, 2017 - 8:32 am

      <blockquote><a href="#163614"><em>In reply to IanYates82:</em></a></blockquote><p>I separated mine out because it was causing issues.. This makes me think I can have them both using the address again….</p>

    • skippu

      Premium Member
      03 August, 2017 - 11:43 am

      <blockquote><a href="#163614"><em>In reply to IanYates82:</em></a></blockquote><p>Precisely why Microsoft now prohibits the creation of an MSA UPN that matches an existing Azure AD UPN.</p><p><br></p><p>It actually is rather confusing for not-well-informed users.</p>

  • Tony Barrett

    03 August, 2017 - 7:28 am

    <p>I hope Enterprises have full control over what syncs, because with a single signon for consumers and businesses, there's a lot of crap that could come down to the corporate PC (if you're running Win10 that is, which most aren't)</p>

  • lefffen1

    03 August, 2017 - 9:46 am

    <p>Still doesn't allow me to copy and paste in my 2FA code from my authenticator app (unless I type in a random number first, then paste and then remove the random number). Every other site lets me do this.</p>

  • Waethorn

    03 August, 2017 - 10:56 am

    <p>So why do they still insist on asking for the email address first, and then clicking "Next" before having to type the password and clicking Next again?</p><p><br></p><p>Microsoft, do you not think computer users have their big-boy pants on? You can put both fields on a single screen, for crying out loud!</p>

    • NazmusLabs

      03 August, 2017 - 11:12 am

      <blockquote><a href="#164110"><em>In reply to Waethorn:</em></a></blockquote><p>In order to determine if you are logging in with msa or ad. Not possible to have both fields in one page.</p>

      • Waethorn

        03 August, 2017 - 12:18 pm

        <blockquote><a href="#164114"><em>In reply to NazmusLabs:</em></a></blockquote><p>And that's not possible by having the password on the same screen?</p><p><br></p><p>Think about that for a second. It's simple to just do a conditional statement to search both providers for a valid login and redirect to the proper provider AFTER the fact. Even if you had an MSA and Azure account with the same email address and password, they only need to prompt AFTER inputting both fields and submitting the previous password to the chosen provider.</p>

    • skippu

      Premium Member
      03 August, 2017 - 11:42 am

      <blockquote><a href="#164110"><em>In reply to Waethorn:</em></a></blockquote><p>It's because if there is an alternate authentication provider involved (e.g. Ping, Okta) then the authentication request is then transferred to that provider. There's no point in accepting a password if Microsoft isn't handling the authentication.</p><p><br></p><p>Microsoft has created a quite elegant solution for enterprise complexity.</p>

      • Waethorn

        03 August, 2017 - 12:18 pm

        <blockquote><a href="#164163"><em>In reply to skippu:</em></a></blockquote><p>See my response below. It's not elegant. It's poor UX.</p>

    • rameshthanikodi

      04 August, 2017 - 5:18 am

      <blockquote><a href="#164110"><em>In reply to Waethorn:</em></a></blockquote><p>Google is doing this too. Apparently it's a security thing, and also a 2FA thing. I wouldn't say it's poor UX.</p>

  • Roger Ramjet

    03 August, 2017 - 11:48 am

    <p>hmm. Unified log in to the One cloud. The final conflict can't be far off. Perhaps, "The War of the Edges"?</p><p><br></p>

  • valisystem

    Premium Member
    03 August, 2017 - 1:50 pm

    <p><span style="color: rgb(0, 0, 0);">The existence of two different Microsoft identity systems is extraordinarily confusing for non-tech users. For this article, you've adopted "Azure AD" and "Microsoft account" to refer to the two systems. That's a recent development. Microsoft still uses "work or school" and "personal" on its dialogs. </span></p><p><br></p><p><span style="color: rgb(0, 0, 0);">So I'm not sure whether it's helpful that the login screen will now be identical for sign-ins to both identity services. It removes a visual indicator that could help people stay oriented. Another example: the visual similarity of OneDrive and OneDrive for Business is a real problem for non-tech people trying to find files.</span></p><p><br></p><p><span style="color: rgb(0, 0, 0);">I dream of a truly unified system where a personal account can be linked to an Azure AD account, allowing single sign-on and access to all MS services. If this screen helps get closer to that goal, great. But by itself, I'm worried that this increases confusion instead of simplifying things.</span></p>

  • johnbaxter

    03 August, 2017 - 2:28 pm

    <p>The old rule was to never tell the person trying to log in (i.e., the attacker) whether it is the username or the password that is wrong. The paginated method breaks that, admitting that the username (email, phone, etc) is wrong before asking for the password.</p><p><br></p><p>Perhaps the new method is enough more secure to overcome that information leak.</p>

  • skane2600

    03 August, 2017 - 6:54 pm

    <p>UWP Passport? In the spirit of the equally silly .NET Passport. </p>

  • Maxpayne

    23 February, 2018 - 4:02 am

    <p><span style="color: rgb(51, 51, 51);">Well, this is great change. If they are to make these things to a single one, it would save us some time and avoid the hassle of signing in on every other tool we are accessing. This was something they should have done long ago.</span></p><p><a href="https://www.bamedsupplies.com/sur-fit-natura-drainable-pouch-by-convatec-transparent.html&quot; target="_blank" style="color: rgb(51, 51, 51); background-color: rgb(255, 255, 255);">Big Apple Medical Drainable Pouch</a></p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC