Tip: Choose Whether to Sign in to Windows 10 with Your Microsoft Account

Posted on February 20, 2017 by Paul Thurrott in Cloud, Microsoft Consumer Services, Windows 10 with 37 Comments

Tip: Choose Whether to Sign in to Windows 10 with Your Microsoft Account

I’ve spent a lot of time investigating how the role of your Microsoft account is changing as Windows 10 evolves. And I think I’m ready to offer some advice about when you should—and shouldn’t—sign-in to Windows 10 with your Microsoft account.

As I noted in First Steps: Use Your Microsoft Account with Window 10 recently, I’ve gone back and forth on whether it makes sense to sign-in to Windows 10 with a Microsoft account or a local account. And to be clear, this is a topic I sort of obsess over. The reason is that I want theWindows 10 Field Guide to be as useful as possible, of course. But as a public face for the community of people who use Microsoft technologies, I also feel a deep responsibility to accurately portray how these things work together. And whether it makes sense to even use them together.

(This is why I cannot recommend Windows phone, for example. This platform is a mess today and it is not the best mobile solution for any user, even those who prefer Microsoft technologies. This puts me at odds with those who blindly just choose Microsoft solutions, of course, but my responsibility is to you, Microsoft’s users, and not to Microsoft.)

When you sign-in to a new Windows 10 PC for the first time, you are prompted to sign-in with a Microsoft account (MSA). My advice here is unchanged: The first time you sign-in to Windows 10, use a local account. Do this even if you wish to sign-in with a Microsoft account later. Once the PC is up and running properly—your applications are all installed, your cloud data is all synced, and so on—you can change from a local account to your MSA.

So why would you want—or need—to sign-in to Windows 10 with an MSA? There are a few primary reasons, which I’m listing here in order of importance, plus a third topic that bears a bit more discussion.

Settings sync. If you use Windows 10 on multiple PCs, you can sync a variety of settings—like your desktop theme (desktop wallpaper, color scheme and so on), your saved passwords, your language preferences, and more—between those PCs by signing-in with your MSA. Frankly, your ability to configure what syncs on a PC-by-PC basis is very limited, and I don’t see a great value in doing this. Even though I use a great many different PCs.

Convenience. When you sign-in to Windows 10 with your MSA, this authentication is passed through to all of the apps that come bundled with Windows 10. So that same MSA will be used with Groove, News, whatever, and you won’t need to manually sign-in each time you run one of those apps for the first time. Frankly, this isn’t particularly motivating for me, and I don’t mind manually signing-in to the few UWP apps I do actually use. In fact, once you’ve done so once, that MSA is stored in your “accounts used by other apps” list and can easily be selected.

(If you are using Microsoft’s parental controls functionality, called Microsoft Family, the kids in your family will need to sign-in with an MSA as well. But you, the parent, do not.)

Put simply, neither one of these reasons is particularly compelling to me. One or both may be to you, however, and if so, please do feel free to sign-in to Windows with your MSA.

But there is a third reason. Microsoft Edge.

If you want to use Microsoft Edge to its fullest extent, you can do so most easily by signing in to Windows with your MSA. Why is that, you ask? It’s because Edge, unique among the apps bundled with Windows 10, does not let you sign-in to the app with your MSA.

As noted above, Groove, News, and many other apps let you sign-in to your MSA with just the app, so you retain your local account sign-in for Windows 10. But if you want to use Edge’s PC-to-PC sync functionality—its ability to sync passwords, Favorites, and other personal information between PCs—you must sign-in to Windows 10 with your MSA.

That said, you can get around this.

You can achieve PC-to-PC password sync by using a compatible password manager like LastPass of course.

Favorites sync is a bit trickier, but you can also achieve this by ensuring that your favorites (called bookmarks in most other browsers) are also tied to another browser. Then, you can use Edge’s ability to sync those favorites to Edge using Internet Explorer (which is available vestigially in Windows 10) or Google Chrome (which you will need to install and sync separately).

In other words, Edge is a weird combination of the two reasons cited above. Microsoft Edge features are synced from PC to PC when you sign-in to Windows 10 with an MSA, even though Edge is not called out in “Sync your settings” in the Windows 10 Settings app at all. And its about convenience too: You can overcome the sync limits through other means, but they are not automatic.

Which route you choose is of course up to you. But I will continue to forego using a Microsoft account to sign-in to Windows 10. I just don’t see the advantage.

 

Tagged with

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (37)

37 responses to “Tip: Choose Whether to Sign in to Windows 10 with Your Microsoft Account”

  1. Avatar

    rameshthanikodi

    sucks that I can't do this, because I upgraded to Windows 10 from Windows 8.1, and I signed in with a MSA back then, because everything in 8.1 was behind the wall. Feels kinda stupid in retrospect, because nothing in the Windows 8.1 store/ "Modern environment" was worth it, lol.

  2. Avatar

    Waethorn

    Did they soften the requirements for downloading Microsoft Edge extensions in the Windows Store? When they first announced extension support, you needed a Microsoft Account, as always, to download them from the Store. I had a few computers recently with clean installs where I was able to download extensions though.

  3. Avatar

    StanR

    Paul, you seem to favor routinely storing passwords in a browser. Is Edge an exception to the maxim that a security conscious user never lets a browser store pws because browsers store pws in plaintext, so the first place a hacker goes is to the pw cache in the user's browser? What makes Edge's pw storage secure? Thanks.

  4. Avatar

    Igor Engelen

    Personally I think it depends on how you (want to) use your pc. If you want to use your pc like an iOS device or Windows phone for that matter, a Microsoft account is the way to go. This is for people that want to move to a new machine after x years without any hassle. Just logon and you'll get your apps and files. (Store apps are a crucial factor here, Windows 10 Cloud?)

    Then there's the people that are heavily relying on desktop apps. For them a Microsoft account offers very little or no advantages. There's a fixed list of actions they have to go through when installing a new pc anyway.

  5. Avatar

    Wizzwith

    I see many thought same as me - there are obvious good reasons to use an MSA, but are there any good reasons NOT to? It seems to be an irrational choice based on just a couple scenarios I can think of.

    • Unsubstantiated FUD about privacy or something in which case you better not be using iOS or Android, or the internet :D
    • Some fear of moving forward with technology and change. In which case why treat Windows different from iOS/Android, both of which you are signing into with the equivalent of an MSA. 


    If there is some rational reasoning behind this, I'd love to know. Not meaning to be snarky, I really want to know.  

  6. Avatar

    froggstar

    On a fresh install I sign into windows with a local account first, using a separate password. Then I connect my Microsoft account. Therefore I log into my machine with its own password (ie not the same MSA password), and keep my Microsoft account password more complex and secure. I suspect Windows maintains the hash and is the same process Windows Hello does when you wear glasses, or even allows a totally different face to log into the same account, or add a PIN, etc. All my settings are then sync/backedup as normal.

  7. Avatar

    Wizzwith

    You forgot another big reason to use the MSA is to tie license activation to your account, which is very useful for when you need to switch hardware or have activation issues for any reason down the line.

     

    Regarding converting local to MS Accounts to get a prettier user folder name…

    This only really applies to us Nerd-OCD'ers, if you don't give a rat poop how your user home folder is named, than just sign in with the MSA off the bat. 

    The home folder name is not as bad as it used to be - it now uses the first 5 letters (skips symbols, not sure about numbers) of the account name as opposed to before it was something like the first 3 letters, and then _001 or something like that.  

    So for paul.thurrott at pocketpaul.com the user folder will be called "pault". Still not nearly as good or pretty as "Paul", but certainly closer to acceptable than "pau_001". Still not OK with me or anyone else with Nerd-OCD, but the vast majority of people probably never notice or care.  

    So I'm not sure the standard advice to people should be the local account swap - it's just unnecessary steps for people that won't care. Instead perhaps that part should be a foot note for those of us who are bothered.

    • Avatar

      Waethorn

      In reply to Wizzwith:

      When you're servicing other people's computers and you don't have their user names because you're trying to get files off a failing hard drive or whatever, if someone uses [email protected], try to figure out whose user account that is when looking at the folder name alone. If you have an adult whose kids accounts are set up with Microsoft Accounts, and they don't know which address they use, good luck with that.

  8. Avatar

    F4IL

    Valid points. No need to commit to a Microsoft Account if you don't need one.

  9. Avatar

    Wizzwith

    If you really want to do this right, separation of Admin and Standard users really should be part of it. Running as a standard user mitigates so many security issues, it really should be standard practice. 

    First, create a local admin account, which will always be a local account only, and rarely if ever used to login to the computer.   

    Then, whatever account(s) you will use day to day, create as a standard user, which can be your MSA account(s). 

     

    This is what I do, and recommend, on initial setup of Windows:

    1. Create the initial user as a local account, call it Admin, and give it a password.
    2. Create each additional account that will login to the computer.  Let's assume this is a family PC so 3+ accounts as an example. 
    3. Create each as a local account. They will be created as a Standard user by default. 
    4. Name each one simply by the person's first name, or shortened first name - e.g. Paul, Mary, and their child, Brad.
    5. Give each a password (can be the short/same on each account since this'll be changed shortly).
    6. Login and logout of each account in turn, so that the user profile folder will get created with the same name you just created each account with.
    7. Login to each local account and change each you want to a MSA. 
    8. Sit back and bask in the glory of your beautifully named user profile folders and MSA enabled users. 

     

    Special considerations when using MS Family (this assumes you already have Family relationships setup on your MSA online)

    • If you log into the PC with an Adult Family account and that user is an Administrator on the PC, all the other Family member accounts will automatically be added in a sort of "ready state" so that you can easily add them with a single click. Nice convenience, but if you care how those user profile folders get named this is not desirable. 
    • The 5 character account name (used for the user profile folder) will be reserved so you will not be able to manually add those users anymore if you wanted to use the same name.
    • No existing local account on the PC can be converted to an MSA that matches any of the family members. It will inform you that account already exists on the PC (which it does, in an inactivated state). 
    • Logging into the PC with an Adult Family member who is NOT an Administrator on the PC will not auto add any of other family accounts as a Standard user doesn't have authorization to add or modify other users.
    • So, to maintain control over user profile folder names, simply don't elevate any MSA Family account member to Administrator UNTIL all other accounts in the family group have been created and logged into as MS accounts.   
    • If all the family member accounts are already in use as MSA's on the PC, any adult member can be elevated to Administrator, and the family accounts will automatically show up as family members under the user settings.


  10. Avatar

    Todd Abernathy

    My advice is Create a LOCAL account for Microsoft on Win10 computer and then for appstore make a NOT so important account to use if needed for app store, having had from the days of long ago hotmail accounts, all my online history was Hacked and my MSA stolen...unable to recover my email has been sad as I look at my desktop screen at folders that once had access after hacked and syncing now locked me out Because I willingly entered my MS email when I upgraded to WIN 10 not fighting through to make the Local account administrator... beware as ID Theft has been nightmare and Windows seemed to not care....20+ years all because syncing across devices.....think twice before doing and push through the MSA directions to think linked is best...Local is safer as its a hard lesson to learn.

    P.s as for 2 factor I watched in 10min receiving 3 text messages as my backup email changed, recovery phone# changed, and a text that unusual activity was noticed on my account....WOW...all because todays bad guys and enabling sharing can go very bad on a home family computer... One word "LOCAL"

    • Avatar

      hometoy

      In reply to Todd Abernathy:

      I set up 2-factor authentication on my Google account. Then one day got the verification code sent to my phone even though I wasn't trying to log in.


      Kept a close eye on my account and made sure I was already logged in, in case anything were to start changing.

      • Avatar

        Todd Abernathy

        In reply to hometoy:

        Know exactly same incident, even so much with my hacked MSA thieves even sending emails to my family members posing as me trying to somehow get my gmail password...with things like "Hey xxxx it's me, do you by chance remember my password for my gmail login...." when I read them it made my blood boll with if I ever found them....., 2-step and a weird mixed password only way everything now.

  11. Avatar

    Jeff Jones

    So, another reason that Chrome is better. It allows you to create multiple browser instances (with their own bookmarks and syncing) under separate Google Accounts within a single OS sign in.

    Not to mention that Chrome runs on multiple operating systems, including Windows 7/8.

  12. Avatar

    legend

    Alright, now we know the advantages of signing in with a MSA. But what exactly are the advantages of using a local account?

  13. Avatar

    Thomas Crowe

    Paul, I'm not really sure what the disadvantage to using a MSA is. You mention all the workarounds if you really didn't want to use an MSA, but are silent about why people wouldn't want to use it. I have one very good reason not to use it that no one has ever mentioned. If you don't trust your government, and suspect they might want to get into your computer, all they have to do is ask Microsoft to change your MSA password and connect your computer to the internet and login with the new password. That can't be done with a local account. That mixed in with TPM (device encryption) will make it a lot more difficult to get in.

  14. Avatar

    Waethorn

    There's another discussion you missed. When you set up a user account with a Microsoft Account setup from the start, two things happen:


    1) the user account folder name uses the first 6 letters of your email address instead of any part of your full name as registered to your Microsoft Account. This makes it difficult to work with folders manually if you have multiple users with email addresses that use nicknames or odd wording.


    and 2) it gives you the option to save files to OneDrive by default, as well as sets up the default Quick Launch links for Documents and Pictures to OneDrive. If you change your account later to a Microsoft Account from a local one, it won't ask you this, so you have to go into the OneDrive desktop app to change these settings manually.

  15. Avatar

    FullyLoaded

    So if I read the article right, you're saying there are no clear advantages for you to sign in with your MSA. Are there any disadvantages? I login with my MSA so the apps "will just work". I haven't noticed any downside to using it.

  16. Avatar

    Informed

    I thought you can't download new apps if using a local account. Is that not the case anymore? I remember that's how it was in Windows 8.1; it'd be encouraging if the latest version of Windows 10 has done away with that limitation -- it'd certainly be smart on Microsoft's part to make it easier for people to install apps.

  17. Avatar

    hometoy

    It's so easy to install and sync Google Chrome and Mozilla Firefox that the Edge sync doesn't do anything for me. Not to mention my other devices aren't running Windows 10 so syncing Edge is pretty moot for me.


    If I am right, though, your kids have to sign in with their MSA to utilize family safety. In Windows 7 you had to use Live to get the better controls.

  18. Avatar

    PeteB

    Always use the local account option. Always. There's nothing in the crappy app store worth anything, Edge is a half baked disaster that still freezes when opening a new tab, and they still cant get settings sync to work right..

    Despite the insistence of the closet MS employee drones posting here, there's no upside to MSA.

    • Avatar

      mebby

      In reply to PeteB:

      Does anyone use Google or Apple accounts? This is a serious question, don't you need to log-in to Apple's and Google's account when using their mobile devices and services?

      • Avatar

        brinel321

        In reply to mebby:

        I use my @outlook.com account to login into iTunes/app store.

      • Avatar

        venommob108

        In reply to PeteB:

        I use a B.S. Gmail account for my rooted Android phone, never save numbers in my phone, I buy apps from Android with a prepaid credit card, I have no interest in Facebook, I own an Ipod, but have NEVER had an Apple account nor used the ITunes store. I just purchased a new Win 10 laptop in January (My last Windows OS ever), do not have a MS account, nor are any email accounts linked with MS In any iteration of Windows I've owned. I do not feel like I'm 'Missing Out' at all with those features.

        I deleted Cortana on sight, along with Windows Defender, The MS Store and every app, No Edge, no Live Tiles, tackled every telemetry/ error reporting service/ log/ hosts file I could find, and disabled Windows Update. I've loaded updates manually since...forever.. My update history in 'Settings' reads "No updates have been installed yet" despite my Version History being 1607 Build 14393.726...The latest update from January 26th 2017.

        My newly hardened laptop runs like Win7 on steroids. It's a great OS without the junk. I am but a humble Win10 Home user, who simply needed an upgraded OS and nothing more. MS has taken the 'Personal' out of computing with the snooping. The last thing I will ever do is 'Sign In' with MS. Because transparency issues.



  19. Avatar

    bsquarednc

    How about the ability to download apps? You can't do that without a MS account, right? Contrary to your opinion, there are quite a few very useful Windows 10 apps.

    • Avatar

      Wizzwith

      In reply to bsquarednc:

      You can sign in separately to the Store to get apps. Even if you're using an MSA for Windows, you can sign into the Store with a different ID (useful for family sharing etc.). And yeah, there are an increasing number of useful apps in the Store these days. :)

  20. Avatar

    Stoffel

    MS Is making it harder and harder to ignore the MSA for sign in though.

    After reading your article and receiving my new HP Spectre i logged in with a local account, did what i needed to do.

    Then when i open the Minecraft, i was curious and it came pre installed, it asked me for my XBOX account password.

    Entered it and it basically changed my local account into my MS account from that point on.

    Didn't notice anything saying it would do that at that point.

Leave a Reply