Managing Privacy: Using a Microsoft Account to Logon and Resulting Internet Communication
Updated: October 17, 2013
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
Using a Microsoft account to log in to Windows is designed to extend the capabilities of Windows by enabling cloud services that sync a user's Windows personalization settings, such as the start page, language preferences, Windows Store apps installed, browsing history, and browser favorites.
Overview of Using a Microsoft Account to Logon to Windows
A Microsoft account—an email address and password—is a new way to sign in to any PC running Windows 8 or Windows RT or later. You might already have a Microsoft account. If you use other Microsoft services like Messenger, Hotmail or Xbox LIVE, the email address and password you use to sign in are a Microsoft account. If you have an existing Windows Live ID, that's the same thing: "Microsoft account" is the new name for what used to be called a "Windows Live ID." When you sign in with a Microsoft account, your PC is connected to the cloud, and many of the settings, preferences, and apps associated with your user account can "follow" you between different PCs.
You do not need to sign up for a new Microsoft account for this feature to work. Many online services use a "string" like email@example.com to represent a user name, even though that string looks like an email address. For example, when you order books at an online bookstore, your user name may look like an email address, even though your online book seller does not manage your email. The firstname.lastname@example.org address is just a convenient way of identifying you, since most Internet users these days have email addresses. Your email account and password will still be managed by whatever email provider you choose, and the user name and password provided are used to synchronize and manage your settings and state across Windows PCs, even if you haven’t signed up for Hotmail or other Microsoft services that use this ID.
During the initial Windows user setup process, users are now given the option to create a new Microsoft account (formerly known as a Windows Live ID) or use an existing ID for login. If you choose to create a new account, you can use any email address you want as your new ID, and then create your unique password. Local Windows account functionality has not been removed and is still an option in managed environments. A Microsoft account is required to download apps from the Windows Store.
Benefits and purpose of using a Microsoft Account to Login
Download Windows Store Apps: You can buy and download apps from the Windows Store, and use them on multiple PCs running Windows 8 or Windows RT or later. Windows Store apps leverage the refreshing Microsoft Design principles so content is central to your application experience on Windows 8.
Single Sign-On: Users can use Microsoft account credentials to sign in to devices running Windows 8. When they do this, Windows 8 works with your Windows Store app to enable authenticated experiences for them. On Windows 8, a user can associate a Microsoft account with his or her sign-in credentials for Windows Store apps or websites, so that these credentials roam across any devices running Windows 8 or later. After the user signs in with that account to a device running Windows 8 or later and then runs an app or visits a website, if the corresponding stored sign-in credentials are available, Windows attempts to sign the user in automatically. When a user signs in with a Microsoft account to a device running Windows 8, any apps and services running on that device that also use Microsoft accounts for authentication can sign in with that user's Microsoft account and get data that the user has consented to share.
Personalized Settings Synchronization: A user can associate his or her most commonly used operating-system settings with a Microsoft account. These settings are available whenever the user signs in with that account on any device that is running Windows 8 and connected to the cloud. After the user signs in, that device automatically attempts to get the user's settings from the cloud and apply them to the device.
App Synchronization: Windows Store apps can store user-specific settings so that these settings roam across any devices running Windows 8 or later. As with operating-system settings, these user-specific app settings are available whenever the user signs in with the same Microsoft account on any device that is running Windows 8 and is connected to the cloud. After the user signs in, that device automatically downloads the settings from the cloud and applies them when the app is installed.
Integrated Social Media Services: Your friends’ contact info and status automatically stay up to date from places like Hotmail, Outlook, Facebook, Twitter, and LinkedIn. You can get to and share your photos, documents, and other files from places like SkyDrive, Facebook, and Flickr.
Microsoft Account and User Information Synchronized
When you log in and connect to a Windows 8 computer with a Microsoft account, you choose which settings to sync. For security purposes, all synced settings are transmitted using SSL/TLS encryption. Some of these settings won't be synced on your PC until you add your PC to your Microsoft account as a trusted PC.
Personalize: Colors, background wallpaper, lock screen and account picture.
Desktop personalization: Themes, taskbar, high contrast, and more.
Passwords: Sign-in info for opt-in apps, websites, networks, and HomeGroup.
Ease of Access: Narrator, Magnifier, and more.
Language Preferences: Keyboards, other input methods, display language, and more.
App Settings: Certain app settings and purchases made in an app.
Browser: Settings and info like history and favorites.
Other Windows Settings: Windows Explorer, mouse, and more.
Sync Settings over Metered Connections
Sync settings over metered connections even when I’m roaming: The ability to send information across the Internet or link to a Web site can be prevented through a Group Policy setting.
Safeguarding Microsoft Account Information Stored in the Cloud
Credential information is encrypted once based on your password and then encrypted again as it is sent across the Internet. The data stored is not available to other Microsoft services or third parties.
How Microsoft Account Information is Safeguarded
A strong password is required. Blank passwords are not allowed. Credential information is encrypted once based on your password and then encrypted again as it is sent across the Internet. The data stored is not available to other Microsoft services or third parties.
Secondary proof of identity is required. Before user profile information and settings can be accessed on a second Windows 8 computer for the first time, trust must be established for that PC by providing secondary proof of your identity. This further proof can be done by providing Windows with a code sent to your mobile phone number or by following the instructions sent to an alternate email address specified in your account settings.
All user profile data is encrypted on the client before it is transmitted to the cloud. Profile data is also protected because user data does not roam over WWAN by default. All data and settings that leave your PC are transmitted using SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
For more information see the following resources on the Microsoft Web site: