
Technology Support For San Diego Since 1996


Since Windows 8, Microsoft has been more and more insistent that you sign in to your Microsoft account. But what are the tradeoffs?

If you’ve set up a new Windows computer in the last ten years or so, you’ve probably run into a step that asks you to sign in. Over the past few versions of Windows, Microsoft has made it less and less obvious how to skip this step, suggesting that they’d really like for you to sign in when you set up your operating system. There have always been a few privacy concerns about this sign-in process, but knowing what some of the benefits and risks are can help you make the decision that’s right for you. Today, we’ll take a look at the Windows account setup process, and some workarounds if you’d rather not sign in to your device.

Cloud Identities for Business and Personal Use

When signing in to Windows was first introduced, it showed Microsoft’s interest in integrating much of the software that you use in Windows with the services that Microsoft offers around it. Signing in to Windows with your personal Outlook (or Live.com) account made it more seamless to use software and cloud offerings like OneDrive, what was then called Office 365, and other software that might be used for either business productivity or personal use. Once you are signed in to the operating system, apps can open without asking for credentials.

In Windows 10, the screen looked like this:

Should you sign in to your operating system

That sign-in process, though, is separate from signing in to your business resources by using your Active Directory (AD) credentials. Active Directory is the server technology that manages your company’s network infrastructure, identity management, and resources. Classically, AD is an on-premises server technology, although it can also be augmented with VPNs or hosted in the cloud today. Beyond that, Entra ID is a way that organizations can manage identities in the cloud without a full AD.

Signing in to Windows with your personal account doesn’t necessarily stop you from also logging in to your company’s network; the two are totally separate ways of managing your device. If you work at a company with a full-fledged Bring-Your-Own-Device policy, then it’s important to know that you might still be able to sign in with your personal credentials, but it will be designed and implemented with your company’s overall security settings taking precedence. In other words, if your company’s security settings and position on personal devices don’t allow you to sign in to a personal account, network resources won’t be available from that device.

What Are the Privacy Implications of Signing In?

While business use of your device is one important consideration when signing in to Windows, another is whether you’re okay with the privacy implications of being signed in to your operating system. Steadily, since Windows 8, the integration of cloud-based identity management through Outlook accounts and Windows integration has been part of a push to use the operating system as an advertising platform. This means that more advertisements have been added to the Start Menu, for example, over time; it also means that more information has been gathered about what you use your computer for and packaged for personalized advertising.

A lot of commentators over the years have complained about signing in to your account, since it makes it so easy to package your usage patterns and behaviors to sell as marketing data. After more than a decade of this information collection, it’s clear that large companies are very interested in turning personal data into a commodity, and the operating system is only one place that this information can be gathered, and only one place where the advertisements can be served. You may be surprised to find these two settings tucked away in the Settings app of Windows 11:

Settings app of Windows 11

As you can deduce from this first setting, Microsoft already has a profile associated with you for advertising purposes, just as other major technology and marketing companies such as Google and Meta do. Since there’s so much information generated by all of the apps you use, including your operating system, the ship has probably sailed on being able to anonymize your computing anyway. Other companies still build out comprehensive profiles of your preferences for the purpose of selling ads, and they do it through other means: cookies, web browsers, tracking IP addresses, and virtually any other way of identifying you. Signing in to an account might make the data collected on you more specific, but it doesn’t make it more complete.

Practical Reasons to Not Sign in to Windows

So why skip the account login for Windows? There are a few practical reasons. First, if you only use your device for work-related activities, then not signing in can help make sure that you aren’t mixing up your devices or accounts. Sending an email from your personal email account instead of your professional one is an easy way for that email to get lost or misused.

Signing in is intended to integrate Windows with other services that Microsoft would like for you to rely on, like using OneDrive for backing up folders (and eventually needing to pay for more space). There are some syncing features that might be desirable as well, like syncing your browsing history between your phone and your computer. If you have other backup solutions, or use a different browser, these features aren’t really appealing, though, and might make for a headache when the apps ask you to configure or use them instead of your preferred solution.

The main scenario that comes up, though, is setting up a device for someone else to use. If you are setting up the system on behalf of someone else, then you don’t want to worry about setting up a password or MFA and transferring the credentials to them. Signing in with an Outlook.com account means that you need the credentials to the user’s account, and it’s not good practice to share the credentials to that account with anyone.

The Workarounds

Setting up a device in the usual fashion for use with Active Directory (local accounts) means that there always has to be a workaround that doesn’t involve cloud sign-ins of any kind. If the computer isn’t intended to have personal accounts on it at all, then this step simply doesn’t fit that intention. The more Microsoft has made it necessary to log in to a personal account during setup, the more it seems clear that they intend for business devices to be set up via other avenues.

The currently functional workarounds for Windows 11 differ between the Home and Pro versions. The Pro version appears to still have an option to make a local account available when you disconnect it from the internet during installation. If you’re setting up Windows 11 Home, you’ll need to use a specific fake email address to get past the sign-in. Just log in with “no@thanks.com” and you won’t be bothered to sign in to a real cloud account. These workarounds might change with any update of the operating system, though, so make sure to do a thorough search if they stop working.

-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team