Exam Spotlight: Controlling Microsoft Accounts & the Windows Store 

Relevant Exam: 70-697 – Configuring Windows Devices

With the release of Windows 8, Microsoft encouraged users to create a Microsoft Account and use it as their Windows 8 log in. Doing so allows users to sync several Windows configuration settings to the cloud, and have them automatically pulled down to any Windows device the user logs into with their Microsoft Account.

Microsoft Accounts are also necessary to use the Windows Store, which was launched along with Windows 8. Again, using a Microsoft Account to log into Windows lets users download apps on multiple devices (up to 10) and sync app settings as well.

Microsoft Accounts and the Windows Store are fully implemented in Windows 10, and how to leverage or block these features in the enterprise is an exam topic that candidates may potentially see on Microsoft’s 70-697: Configuring Windows Devices exam.

Most people know that Microsoft Accounts can be linked to a local user account on a Windows 10 device. Microsoft Accounts can also be linked to an Active Directory domain account. Doing so makes it possible to sync user settings between a local account and a domain account.

What is the use case for this? One possibility is enabling a user to have the same application settings on their home computer and work computer, giving them a consistent application experience on both devices. Other Windows settings that can be synced include:

Desktop appearance

  • Language preferences
  • Start Screen icons (when using Win10 in Tablet Mode)
  • Web browser bookmarks

A user can link their Microsoft Account with a local or domain account by launching the Windows 10 Settings app, selecting the Accounts page, and choosing the Your account tab. The settings to be synced between machines are selected on the Sync your settings tab of the Accounts page.

But, admins may not want users to use their Microsoft Accounts with work devices. Thankfully, admins can control Microsoft Account settings through Group Policy.

In the Local Group Policy Editor, the relevant setting is located in Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

The policy to configure is “Accounts: Block Microsoft Accounts.” If this setting is disabled, users are able to use their Microsoft Accounts.

Here are the other setting options:

Users can’t add Microsoft Accounts

  • Users can’t add or log on with Microsoft Accounts

Both settings prohibit the use of Microsoft Accounts. The bottom setting will also prevent any current Microsoft Account users from logging on to a Windows device.

The Windows Store is very similar to Apple’s App Store and the Google Play store. Paid and free apps can be downloaded onto the device used to browse the store. These apps are automatically associated with the Microsoft Account of the user.

As you would expect, admins can use Group Policy to block access to the Windows Store. In this instance, open the Local Group Policy Editor and browse to Computer Configuration > Administrative Templates > Windows Components > App Package Deployment. Look for the setting “Allow All Trusted Apps To Install” and disable it.

Take that, Windows Store!

Aaron Axline is a technology writer and knowledge management specialist based in Canada. His work has appeared in titles from Que Publishing and on popular tech blogs and sites. His professional writing site is AaronAxline.blogspot.ca.

Posted on 9th August 2016 in Blog, Certification, Featured Article, Microsoft

Comments are closed.