2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'

Information

This policy setting prevents users from adding new Microsoft accounts on this computer.

The recommended state for this setting is: Users can't add or log on with Microsoft accounts.

Rationale:

Organizations that want to effectively implement identity management policies and maintain firm control of what accounts are used to log onto their computers will probably want to block Microsoft accounts. Organizations may also need to block Microsoft accounts in order to meet the requirements of compliance standards that apply to their information systems.

Impact:

Users will not be able to log onto the computer with their Microsoft account.

Solution

To establish the recommended configuration via GP, set the following UI path to Users can't add or log on with Microsoft accounts:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts

Default Value:

Users are able to use Microsoft accounts with Windows.

See Also

https://workbench.cisecurity.org/files/3719

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CSCv7|16.2

Plugin: Windows

Control ID: 56bdbedd939c21e681b31731ec0ffbd1797af1a6c6977dfa64de35944f107a44