Confusion over accounts used to access Microsoft’s online services

I recently bought a new computer, for family use (the Lenovo Flex 15 that I was whinging about the other week finally turned up). As it’s a new PC, it runs Windows 8 (since upgraded to 8.1) and I log in with my “Microsoft account”. All good so far.

I set up local accounts for the kids, with parental controls (if you don’t use Windows Family Safety, then I recommend you do! No need for meddling government firewalls at ISP level – all of the major operating systems have parental controls built in – we just need to be taught to use them…), then I decided that my wife also needed a “Microsoft account” so she could be registered as a parent to view the reports and over-ride settings as required.

Because my wife has an Office 365 mailbox, I thought she had a “Microsoft account” and I tried to use her Office 365 credentials. Nope… authentication error. It was only some time later (after quite a bit of frustration) that I realised that the “Organization account” used to access a Microsoft service like Office 365 is not the same as a “Microsoft account”. Mine had only worked because I have two accounts with the same username and password (naughty…) but they are actually two entirely separate identities. As far as I can make out, “organization accounts” use the Windows Azure Active Directory service whilst “Microsoft accounts” have their heritage in Microsoft Passport/Windows Live ID.

Tweeting my frustrations I heard back from a number of online contacts – including journalists and MVPs – and it seems to be widely accepted that Microsoft’s online authentication is a mess.

As Jamie Thomson (@JamieT) commented to Alex Simons (@Alex_A_Simons - the Programme Director for Windows Azure Active Directory), if only every “organization account” could have a corresponding “Microsoft account” auto-provisioned, life would be a lot, lot simpler.

4 Comments

  • Tuesday 10 December 2013 - 15:08 | Permalink


    I think “its a total mess” is a bit harsh. They have two identity systems, one for each of two different usage scenarios and when you understand that its clearer (to me, anyway) why you had problems with your wife’s account.

    Is it overly-complicated and confusing? Yes, I think so. This definitely needs to improve.

  • Kirran
    Wednesday 11 December 2013 - 4:42 | Permalink


    Don’t use an online account at all. Don’t risk losing access to your device by locking out your Microsoft online account. Just make a local account every time. http://www.hanselman.com/blog/HowToSignIntoWindows8Or81WithoutAMicrosoftAccountMakeALocalUser.aspx

  • Wednesday 11 December 2013 - 17:25 | Permalink


    Using a Microsoft account is useful in some ways. For example, my browsing history follows me, and (only because my credentials match), Windows automagically configured email. It’s also necessary for me to have a parent in Windows Family Safety. Creating local accounts is fine for some purposes (e.g. accounts for my kids, who don’t yet use online services) but I’m not sure the risk of losing access by locking myself out of my Microsoft account is that great – there is a password reset process, should I need it.

  • Wednesday 11 December 2013 - 17:28 | Permalink


    Jamie, “total mess” may be a little harsh – I think John had some specific use cases he was referring to – but your right that things need to improve – reading Tim Anderson’s recent article on Microsoft cloud account problems highlights some of the challenges: http://www.itwriting.com/blog/7844-microsoft-cloud-account-problems.html

  • Leave a Reply

    %d bloggers like this: