Accounts: Block Microsoft accounts


Although Microsoft accounts are password-protected, they also have the potential of greater exposure outside of the enterprise. Additionally, if the owner of a Microsoft account is not easily distinguishable, auditing and forensics become more difficult. It is best practice to disable "Add and Login for Microsoft account" in enterprise or secure environments.

More info: