Why you should NEVER login to Windows with a Microsoft Account! : Ask Your Computer Guy

[mat200]

Why you should NEVER login to Windows with a Microsoft Account!
Ask Your Computer Guy

 

[TonyR]

+1^^^^.
On setup of a new PC, MS loves to insist and make it difficult to set up local account because they want to keep track of you, send you pertinent stuff, etc. It's all about money and YOU are the sucker if they lure you into creating/using a MS account.

 

[bp2008]

One comment there has some golden advice that I was not aware of:

If you type 'a' in the username and password fields, it will tell you something went wrong and just let you make a local account.

That is great to know. But I bet they will "fix" it sooner or later. My previous approach was to set up the machine with it disconnected from the internet, and if it won't let me proceed, then do this: Open cmd with Shift + F10 and type OOBE\BYPASSNRO. Your computer will restart and now you will have the "I don't have Internet" option.

 

[jec6613]

My favorite method is to use an unattend.xml or otherwise automate setup.

As much as I don't like it, the vast majority of users should use a Microsoft account as the logon on their primary system. The security is much better, aside from AAD that underpins it being more secure than almost anything else, it's also not throwing your password all over the place as a local account will do if it discovers any shares (encryption downgrade is still a thing). Add in the TPM based Windows Hello security and Bitlocker (recovery of which does normally work on Home), and it's very hardened. If you're worried about privacy, sign up for O365 (the family plan is super cheap for what it gives you) and your data is now stored such that Microsoft doesn't look unless there's a warrant, which any cloud storage provider is just as susceptible to. Microsoft also makes a point of respecting your local privacy laws by leveraging their global Azure datacenter network, so an EU user has their data stored in the EU and subject to EU law, US is kept in the US, and so on. There are even further steps you can take if you set up as a business account.

This group isn't the average userbase though. If you're worried about physical security and privacy, chances are you're also worried about cybersecurity and privacy, and are willing to put in the effort to make it work for you. I certainly have, it's not always easy, especially if you're a big storage user or manage multiple sites, but it can be made to work. For any cloud service, always read and understand the T&C and PP, and if they're not in your country of residence, always be suspect - an EU resident using a US cloud service would be subject to FISA, for instance.

On setup of a new PC, MS loves to insist and make it difficult to set up local account because they want to keep track of you, send you pertinent stuff, etc. It's all about money and YOU are the sucker if they lure you into creating/using a MS account.

If you use the free tier, you're the product. Once you pay for it, that's no longer the case. They still track you using other means, but can't get into your personal user data. Microsoft isn't alone in this, nor are they the best or the worst company who does it, but they are the most consistent in where the line is drawn both domestically and globally. And there's a reason I don't use Google products even if they're the paid version.

 

[TonyR]

One comment there has some golden advice that I was not aware of:


That is great to know. But I bet they will "fix" it sooner or later. My previous approach was to set up the machine with it disconnected from the internet, and if it won't let me proceed, then do this: Open cmd with Shift + F10 and type OOBE\BYPASSNRO. Your computer will restart and now you will have the "I don't have Internet" option.

I do the set up on Ethernet and when it asks to create the MS account, I pull out the cable, back up with the left arrow up at the top/left, then click on "next", the MS account creation screen is gone, it's replaced with the screen waiting for you to create a local account.

 

[mat200]

..

If you use the free tier, you're the product. Once you pay for it, that's no longer the case. They still track you using other means, but can't get into your personal user data. Microsoft isn't alone in this, nor are they the best or the worst company who does it, but they are the most consistent in where the line is drawn both domestically and globally. And there's a reason I don't use Google products even if they're the paid version.

iirc the PCs we buy already had the OEM pay for the Microsoft OS included .. ( some call this the Microsoft tax as it used to be hard to get a PC without the MS OS bundled into it .. and it used to be about $50 per PC .. )

 

[looktall]

The people talking about how you shouldn't use an ms account on your PC are the same people who quite happily use a Gmail account on their android or an iCloud account on their iPhone.

 

[mat200]

The people talking about how you shouldn't use an ms account on your PC are the same people who quite happily use a Gmail account on their android or an iCloud account on their iPhone.

Different deals here :

Gmail / Hotmail are all cloud dependent.
Mobile phones are cell "cloud" dependent.

A PC is not cloud dependent.

 

[looktall]

Mobile phones are cell "cloud" dependent.

A PC is not cloud dependent.

Do you remember when a mobile phone was just a mobile phone?
Then they started needing accounts to give you full functionality.
Sure they will work without one but they're a bit crippled.

We've reached the point now for PC's where phones were about 15 years ago.

There's little difference.

 

[mat200]

Do you remember when a mobile phone was just a mobile phone?
Then they started needing accounts to give you full functionality.
Sure they will work without one but they're a bit crippled.

We've reached the point now for PC's where phones were about 15 years ago.

There's little difference.

yes, ..

Mobile phones has always had a unique ID associated with them .. and yes, now there's a lot more in them, and a lot more issues ..

and yes, it is interesting to see how sooner or later we appear to be heading to the "don't own anything, just renting it all .. and no freedoms, nor rights .. "

 

[tangent]

Mobile phones has always had a unique ID associated with them

Before most people had a clue how to use internet on their cell phones (remember WAP Browsers circa 1999-2009), their phones were spying on them and sending all sorts of data back to their carrier (they just had less data available to sell).
Heck even back then flip and bar phones could sometimes be persuaded to provide a third party a dump of the address book amongst other things. Carriers have been selling your location data since at least the mid 2000's.

 

[jec6613]

iirc the PCs we buy already had the OEM pay for the Microsoft OS included .. ( some call this the Microsoft tax as it used to be hard to get a PC without the MS OS bundled into it .. and it used to be about $50 per PC .. )

For a Windows Home edition, the OEM really doesn't pay much if anything anymore. They do pay for Pro, and if you have a VLSC-level agreement with MSFT you also pay a significant amount over time.

 

[mat200]

Before most people had a clue how to use internet on their cell phones (remember WAP Browsers circa 1999-2009), their phones were spying on them and sending all sorts of data back to their carrier (they just had less data available to sell).
Heck even back then flip and bar phones could sometimes be persuaded to provide a third party a dump of the address book amongst other things. Carriers have been selling your location data since at least the mid 2000's.

yup .. recall a few bluetooth attacks with an antennae which did a nice job stealing someone's cell phone contact list from quite a distance ..

 

[IAmATeaf]

The BitLocker issue is one that a friend of mine had. Can’t remember when but a few years ago and the only thing I can think of is it must have been an update that enabled BL on his drive but he had no clue about it.

 

[jec6613]

The BitLocker issue is one that a friend of mine had. Can’t remember when but a few years ago and the only thing I can think of is it must have been an update that enabled BL on his drive but he had no clue about it.

BitLocker has been enabled out of the box on all Win10 Home devices since 2016 or so, once you're connected to a Microsoft account. It's generally a good thing for most consumers, and the key is backed up.

iOS and Android have done the same thing for even longer, but while Windows has a recovery key, iOS/Android don't. It's one of the leading causes of bricked devices.