Microsoft added new capabilities to Windows 8 that allow users to synchronize configuration and application settings between computers, so that when they log on to a different device, their settings follow them. In order to enable this new feature, users must associate their local computer or domain account with a Microsoft online identity, such as a Windows Live Mail account.
While this kind of synchronization may be useful for consumers, it could introduce risks for organizations, potentially allowing users to sync settings and app data between corporate-owned or -managed PCs to personal devices, which could lead to data leakage or a security breach. An account linked to a Microsoft identity is also required to download and purchase apps from the Windows Store, although it is possible to disable access to the store independently from restricting the ability to link domain accounts to Microsoft identities.
To disable the ability to link domain and local computer accounts to Microsoft Accounts, open the Group Policy Management Console (GPMC) on Windows 8 or Server 2012 using a domain account that has permission to create new Group Policy Objects (GPOs).
Once Group Policy has updated on the affected machine, which you can force using the gpupdate command if you don’t want to wait, users will not be able to link a Microsoft account to their domain or a local computer account, and PC Sync settings will be unavailable.