Accounts: Block Microsoft accounts


Although Microsoft accounts are password-protected, they also have the potential of greater exposure outside of the enterprise. Additionally, if the owner of a Microsoft account is not easily distinguishable, auditing and forensics become more difficult. It is best practice to disable "Add and Login for Microsoft account" in enterprise or secure environments.

More info:


To fix this configure the policy value for:
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Accounts: Block Microsoft accounts Set [Users can't add or log on with Microsoft accounts]

STIG: Desktop:

Nist 800-53: AC-2(1),
CSCv7: v16.2
CIS v7: v16.2 Configure Centralized Point of Authentication
CSI v8: v5.6