I recently bought a new computer, for family use (the Lenovo Flex 15 that I was whinging about the other week finally turned up). As it’s a new PC, it runs Windows 8 (since upgraded to 8.1) and I log in with my “Microsoft account”. All good so far.
I set up local accounts for the kids, with parental controls (if you don’t use Windows Family Safety, then I recommend you do! No need for meddling government firewalls at ISP level – all of the major operating systems have parental controls built in – we just need to be taught to use them…), then I decided that my wife also needed a “Microsoft account” so she could be registered as a parent to view the reports and over-ride settings as required.
Because my wife has an Office 365 mailbox, I thought she had a “Microsoft account” and I tried to use her Office 365 credentials. Nope… authentication error. It was only some time later (after quite a bit of frustration) that I realised that the “Organization account” used to access a Microsoft service like Office 365 is not the same as a “Microsoft account”. Mine had only worked because I have two accounts with the same username and password (naughty…) but they are actually two entirely separate identities. As far as I can make out, “organization accounts” use the Windows Azure Active Directory service whilst “Microsoft accounts” have their heritage in Microsoft Passport/Windows Live ID.
Tweeting my frustrations, I heard back from a number of online contacts – including journalists and MVPs – and it seems to be widely accepted that Microsoft’s online authentication is a mess.
@markwilsonit @Office365 hahahahahahahhahahahahahaha (sorry it's a total mess)
— Jon Honeyball (@jonhoneyball) November 28, 2013
As Jamie Thomson (@JamieT) commented to Alex Simons (@Alex_A_Simons – the Programme Director for Windows Azure Active Directory), if only every “organization account” could have a corresponding “Microsoft account” auto-provisioned, life would be a lot, lot simpler.
I think “it’s a total mess” is a bit harsh. They have two identity systems, one for each of two different usage scenarios, and when you understand that it’s clearer (to me, anyway) why you had problems with your wife’s account.
Is it overly-complicated and confusing? Yes, I think so. This definitely needs to improve.
Don’t use an online account at all. Don’t risk losing access to your device by locking out your Microsoft online account. Just make a local account every time. http://www.hanselman.com/blog/HowToSignIntoWindows8Or81WithoutAMicrosoftAccountMakeALocalUser.aspx
Using a Microsoft account is useful in some ways. For example, my browsing history follows me, and (only because my credentials match), Windows automagically configured email. It’s also necessary for me to have a parent in Windows Family Safety. Creating local accounts is fine for some purposes (e.g. accounts for my kids, who don’t yet use online services) but I’m not sure the risk of losing access by locking myself out of my Microsoft account is that great – there is a password reset process, should I need it.
Jamie, “total mess” may be a little harsh – I think Jon had some specific use cases he was referring to – but you’re right that things need to improve – reading Tim Anderson’s recent article on Microsoft cloud account problems highlights some of the challenges: http://www.itwriting.com/blog/7844-microsoft-cloud-account-problems.html
“Total mess” is a pretty good definition of my current experience with Microsoft Online services authentication.
Having just purchased some 365 accounts for the company, I received an e-mail asking me to start the activation process, so I clicked the link, logged in and was promptly greeted by an “unhandled exception” and a suggestion that I “use another account”. So go to VLSC and create the account there, log in and after some trouble manage to get the licenses to show up there.
Then I try to activate from VLSC and it asks me if I want to use the account I created or the one my IT department did. I am the IT department, so what now?
Choosing the one I created leads me to another login screen which in turn ends up in a blank screen with no return whatsoever. Choosing “the one my IT department created” leads back to unhandled exception, so no joy there.
I think I’ve made my life harder by using the same account name for both purposes, but this only happened because Microsoft tries to make it all look seamless and I didn’t even realize I was creating multiple credentials.