Microsoft explains why it wants you to switch to Microsoft account from Local account


BobOmb said:
with bitlocker enabled a local account can be just as secure, you just need to store your own key
Click to expand...
Bitlocker is protected by the user account, a local account can not have a secure password, thus it is not protected.
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.18 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @4800 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @60FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
TairikuOkami said:
Bitlocker is protected by the user account, a local account can not have a secure password, thus it is not protected.
Click to expand...
there is no difference if the account is local or ms

if the drive is bitlocker locked you cannot access the user registry data to reset the user account

if the drive is bitlocker unlocked you can create a new admin user by booting WinPE against the same TPM

same behavior 👍
 

My Computer

System One

  • OS
    PE
BobOmb said:
there is no difference if the account is local or ms

if the drive is bitlocker locked you cannot access the user registry data to reset the user account

if the drive is bitlocker unlocked you can create a new admin user by booting WinPE against the same TPM

same behavior 👍
Click to expand...
This is not true. Standard Bitlocker will by default be unlocked by the tpm when the machine boots. It's only protected if the drive is moved to another machine or different hardware. Booting off an external media with certain tools can be used to change a password or reset it for a local account.

Setting a bitlocker unlock pin or password to boot into windows is one of the ways you can prevent this.

A microsoft account is the only way to prevent a password from being changed by bootable media with or without bitlocker. You can harden things further by using 3 incorrect attempt lock out plus bitlocker with startup pin plus a microsoft account.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Built
    CPU
    Ryzen 7 5700 X3D
    Motherboard
    MSI MPG B550 GAMING PLUS
    Memory
    64 GB DDR4 3600mhz Gskill Ripjaws V
    Graphics Card(s)
    RTX 4070 Super , 12GB VRAM Asus EVO Overclock
    Monitor(s) Displays
    Gigabyte M27Q (rev. 2.0) 2560 x 1440 @ 170hz HDR
    Hard Drives
    2TB Samsung nvme ssd
    2TB XPG nvme ssd
    PSU
    CORSAIR RMx SHIFT Series™ RM750x 80 PLUS Gold Fully Modular ATX Power Supply
    Case
    CORSAIR 3500X ARGB Mid-Tower ATX PC Case – Black
    Cooling
    ID-COOLING FROSTFLOW X 240 CPU Water Cooler
    Internet Speed
    900mbps DOWN, 100mbps UP
  • Operating System
    Chrome OS
    Computer type
    Laptop
    Manufacturer/Model
    HP Chromebook
    CPU
    Intel Pentium Quad Core
    Memory
    4GB LPDDR4
    Monitor(s) Displays
    14 Inch HD SVA anti glare micro edge display
    Hard Drives
    64 GB emmc
I still dont see where a microsoft account is needed, every feature you listed can be enabled on a local account

there is no mention of a microsoft account anywhere in that link

the fact that it can be remotely locked by too many failed attempts by any random person also makes me avoid using it.. (to be fair the same is true with all online accounts, but if you cant sign into your computer you need another device to start resetting passwords)
 

My Computer

System One

  • OS
    PE
i use a local account and have it encrypted with VeraCrypt in fact last time i checked my Hotmail account i have no machines registered with Microsoft but my system is activated. i also have the install usb for Win11 sent up vis Rufus but if MS plays games i would just turn the internet off completely then install if that was the only way to install Windows and bypass MS.
i would not go back to Ubuntu while they force snaps on everybody so i will find ways to bypass any MS requirements ..
 

My Computers

System One System Two

  • OS
    Debian 13 Testing Win 11 Home 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    Internet Speed
    900MB full fibre
    Browser
    Firefox ESR & Thunderbird
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
  • Operating System
    Windows 11 Home 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 5 5500u
    Motherboard
    HP
    Memory
    32GB DDR4 3200
    Graphics card(s)
    AMD Radeon GPU
    Sound Card
    RealTek
    Monitor(s) Displays
    HP
    Hard Drives
    1TB WD blue SN580 M2 SSD Partitioned.
    250GB C:/Windows .. 750GB D:/Home.
    2x 1TB HDD External Backup/Storage.
    Internet Speed
    900MB Full Fibre
    Browser
    Microsoft Edge
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Windows Software
    'The Wife's Computer'
BobOmb said:
if the drive is bitlocker locked you cannot access the user registry data to reset the user account
Click to expand...
Utilman method works on 24H2, you can change or remove local password within seconds (locally or remotely, if infected).
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.18 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @4800 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @60FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
BobOmb said:
I still dont see where a microsoft account is needed, every feature you listed can be enabled on a local account

there is no mention of a microsoft account anywhere in that link

the fact that it can be remotely locked by too many failed attempts by any random person also makes me avoid using it.. (to be fair the same is true with all online accounts, but if you cant sign into your computer you need another device to start resetting passwords)
Click to expand...
You don't need another device. You can reset the password using your 2fa and other methods right on your device using forgot password link. The Microsoft account password cannot be modified at boot. You can try it yourself or see the multiple threads online. That's why it's safer than a local account.

But yes if your using a local account with bitlocker pin at boot, you will be protected from a password reset tool. But the default bitlocker behavior you will not.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Built
    CPU
    Ryzen 7 5700 X3D
    Motherboard
    MSI MPG B550 GAMING PLUS
    Memory
    64 GB DDR4 3600mhz Gskill Ripjaws V
    Graphics Card(s)
    RTX 4070 Super , 12GB VRAM Asus EVO Overclock
    Monitor(s) Displays
    Gigabyte M27Q (rev. 2.0) 2560 x 1440 @ 170hz HDR
    Hard Drives
    2TB Samsung nvme ssd
    2TB XPG nvme ssd
    PSU
    CORSAIR RMx SHIFT Series™ RM750x 80 PLUS Gold Fully Modular ATX Power Supply
    Case
    CORSAIR 3500X ARGB Mid-Tower ATX PC Case – Black
    Cooling
    ID-COOLING FROSTFLOW X 240 CPU Water Cooler
    Internet Speed
    900mbps DOWN, 100mbps UP
  • Operating System
    Chrome OS
    Computer type
    Laptop
    Manufacturer/Model
    HP Chromebook
    CPU
    Intel Pentium Quad Core
    Memory
    4GB LPDDR4
    Monitor(s) Displays
    14 Inch HD SVA anti glare micro edge display
    Hard Drives
    64 GB emmc
andrew129260 said:
The Microsoft account password cannot be modified at boot. You can try it yourself or see the multiple threads online. That's why it's safer than a local account.
Click to expand...

Well, just to check it out, I just downloaded the latest Win11 from Microsoft's website, created a bootable Windows 11 install USB, did a normal install on a dummy machine and set it up using a Microsoft account... Then I turned on Bitlocker and rebooted. The machine is running on WiFi.

During boot at the login I had to wait for a network to connect before i could click anything and afterwards clicking the sign in option did nothing but return me to a lock screen.. the button border was missing and only the text Sign-In was there, smh

I can however confirm that the drive was also locked and completely inaccessible via bootable media :lmao:

No thanks on the MS account for login purposes ;P
 

My Computer

System One

  • OS
    PE
BobOmb said:
what happens if someone remotely enters your email address for login creds and locks your account from across the planet?
Click to expand...

That isn't going to happen with a Microsoft Account (and allied services) setup as mine is. It is password less and instead uses facial recognition as the principal login method with MFA via the Authenticator app in my mobile.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.3025
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuilt
    CPU
    Intel Core i9 13900K
    Motherboard
    Asus ProArt Z790 Creator WiFi - Bios 2703
    Memory
    Corsair Dominator Platinum 64gb 5600MT/s DDR5 Dual Channel
    Graphics Card(s)
    Sapphire NITRO+ AMD Radeon RX 7900 XTX Vapor-X 24GB
    Sound Card
    External DAC - Headphone Amplifier: Cambridge Audio DACMagic200M
    Monitor(s) Displays
    Panasonic MX950 Mini LED 55" TV 120hz
    Screen Resolution
    3840 x 2160 120hz
    Hard Drives
    Samsung 980 Pro 2TB (OS)
    Samsung 980 Pro 1TB (Files)
    Lexar NZ790 4TB
    LaCie d2 Professional 6TB external - USB 3.1
    Seagate One Touch 18TB external HD - USB 3.0
    PSU
    Corsair RM1200x Shift
    Case
    Corsair RGB Smart Case 5000x (white)
    Cooling
    Corsair iCue H150i Elite Capellix XT
    Keyboard
    Logitech K860
    Mouse
    Logitech MX Ergo Trackball
    Internet Speed
    Fibre 900/500 Mbps
    Browser
    Microsoft Edge Chromium
    Antivirus
    Bitdefender Total Security
    Other Info
    AMD Radeon Software & Drivers 24.12.1
    AOMEI Backupper Pro
    Dashlane password manager
    Logitech Brio 4K Webcam
    Orico 10-port powered USB 3.0 hub
  • Operating System
    Windows 11 Pro 24H2 26100.2894
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivobook X1605VA
    CPU
    Intel® Core™ i9-13900H
    Motherboard
    Asus X1605VA bios 309
    Memory
    32GB DDR4-3200 Dual channel
    Graphics card(s)
    *Intel Iris Xᵉ Graphics G7 (96EU) 32.0.101.6078
    Sound Card
    Realtek | Intel SST Bluetooth & USB
    Monitor(s) Displays
    16.0-inch, WUXGA 16:10 aspect ratio, IPS-level Panel
    Screen Resolution
    1920 x 1200 60hz
    Hard Drives
    512GB M.2 NVMe™ PCIe® 3.0 SSD
    Other Info
    720p Webcam
Wisewiz said:
"A Microsoft account, on the other hand, is associated to an email address and password that you use with Outlook.com, Hotmail, Office, OneDrive, Skype, Xbox, and Windows."

Well, MS, I don't use Outlook.com, don't use Hotmail, don't use Office, don't use OneDrive (and never will), don't use Skype, don't use Xbox, and don't want the settings and files of my office computers synched unless I sync them. So p*ss off, MS!
Click to expand...

caritas-felices-bebe-imagui-16748575.webp
 

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Mouse
    Logitech G402
    Keyboard
    Logitech K800
    Internet Speed
    20Mbit/s up, 250Mbit/s down
    Browser
    FF
My guess is that that baby has just pooped his diaper, in which case, he is no longer full of it. Neither am I. Well, most of the time.
 

My Computers

System One System Two

  • OS
    11 Pro 24H2 26100.2454
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M920S SFF
    CPU
    i7-9700 @ 3.00GHz
    Motherboard
    Lenovo 3132
    Memory
    32GBDDR4 @ 2666MHz
    Graphics Card(s)
    Intel HD 630 Graphics onboard
    Sound Card
    Realtek HD Audio
    Monitor(s) Displays
    LG E2442
    Screen Resolution
    1920x1080
    Hard Drives
    1 x Samsung 970 EVO PLUS 500GB NVMe SSD, 1 x WD_BLACK SN770
    250GB NVMe SSD (OS and programs), 1 x WD_BLACK SN770
    500GB NVMe SSD (Data)
    Case
    Lenovo SFF
    Keyboard
    Cherry Stream TKL JK-8600US-2 Wired
    Mouse
    LogiTech M510 wireless
    Internet Speed
    Fast (for fixed wireless!)
    Browser
    Chrome, sometimes Firefox
    Antivirus
    Malwarebytes Premium & Defender (working together beautifully!)
  • Operating System
    11 Pro 24H2 26100.2454
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M920S SFF
    CPU
    i5-8400 @ 2.80GHz
    Motherboard
    Lenovo 3132
    Memory
    32GB DDR4 @ 2600MHz
    Graphics card(s)
    Intel HD 630 Graphics onboard
    Sound Card
    Realtek High Definition Audio onboard
    Monitor(s) Displays
    LG FULL HD (1920x1080@59Hz)
    Screen Resolution
    1920 x 1080
    Hard Drives
    1 x Samsung 970 EVO PLUS NVMe; 1 x Samsung 980 NVMe SSD
    Case
    Lenovo Think Centre SFF
    Mouse
    LogiTech M510 wireless
    Keyboard
    Cherry Stream TKL JK-8600US-2 Wired
    Internet Speed
    Fast (for fixed wireless!)
    Browser
    Chrome
    Antivirus
    Malwarebytes Premium and MS Defender, beautiful together
You must log in or register to reply here.

Similar threads

Solved Switching From Microsoft Account To Local Account
Replies
16
Views
514
BruceR
B
Microsoft backtracks and restores Microsoft Account to Local account switching guide
Replies
1
Views
855
Brink
Brink
Microsoft apparently hates it when you switch from Microsoft Account to Local account
2
Replies
36
Views
4K
Bree
Bree
Backed to Local Account After Unintentionally Logging In: How to Keep My Device Listed in My Microsoft Account as Before?
Replies
6
Views
3K
CrazyBob126
C
  • Article Article
Accounts Enable or Disable Aliases to Sign in to Microsoft Account
Replies
0
Views
5K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom