Microsoft is becoming a cloud-first company, and pushing other companies to do the same, offering services like Azure, Azure Active Directory, and Office 365 to entice businesses to move their operations to the cloud.
With that, however, come some pitfalls. A recent blog post on the Enterprise and Mobility blog describes one such pain point: the potentially confusing user experience when mixing Azure AD and Microsoft personal accounts to log in to Microsoft services. From the blog post:
In particular, we know many of you have pretty strong feelings about this one particular screen:
Alex Simons, Director of Program Management for the Microsoft Identity Division, blames the issue on "Microsoft having two giant cloud scale identity systems built by different parts of the company." Microsoft has combined those two teams, however, and is working to clear up some of the confusion.
Basically, the problem stems from the fact that over 4 million people (gleaned from Microsoft-gathered telemetry) have a personal Microsoft account with a work/school email address as a username. There are four main drivers for this, according to the company's research:
- Some users prefer to use their work email to sign up for everything, out of convenience. This could be Microsoft apps or services, Amazon, eBay, etc.
- A handful of Microsoft business services, like MSDN, don’t support Azure AD yet and require the use of personal Microsoft accounts.
- IT departments are asking employees to create personal Microsoft accounts with their work email addresses, or in some rare cases bulk-create these accounts for the employees.
- Some students were given a personal Microsoft account when their school switched from the old Live@edu program to Office 365.
When the work account the user is using originates as an Azure Active Directory account, then the user winds up with two Microsoft identities (one work, one personal) both with the same email address. Not good.
This doubling up of accounts can cause all kinds of problems, including a false belief that documents stored in personal OneDrive folders are business compliant, and the possibility that users who leave the company could lose access to their personal accounts.
To begin to address the issue, Microsoft will no longer allow users to create a personal account using an Azure AD work email address. Instead, they'll see a new user experience:
If the user is signing in to a Microsoft app that supports personal and work/school accounts, they'll be given the chance to log in to their work account, or to create a new username (that's not a company email address).
Microsoft still has some services that don't support Azure AD and won't be able to block account creation, but they're making good progress in getting those services moved over, according to the blog post.
To deal with existing accounts, Microsoft is making it easier to rename personal accounts. This will only change the username on personal accounts:
Renaming your personal Microsoft account means changing the username, and does not impact your work email or how you sign in to business services such as Office 365. It also doesn’t impact your personal stuff—it just changes the way you sign in to it. You can use another (personal) email address, get a new @outlook.com email address from Microsoft, or use your phone number as a new username.
The post goes on to list some recommendations for IT pros, app developers and end users on how to deal with the issues. If you're one of the 4 million or so users affected by the problems of mixed-up work and personal accounts, be sure to check out the blog post.