
close
close
Chance to win $250 in Petri 2023 Audience Survey
Microsoft added new capabilities to Windows 8 that allow users to synchronize configuration and application settings between computers, so that when they log on to a different device, their settings follow them. In order to enable this new feature, users must associate their local computer or domain account with a Microsoft online identity, such as a Windows Live Mail account.
While this kind of synchronization may be useful for consumers, it could introduce risks for organizations, potentially allowing users to sync settings and app data between corporate-owned or -managed PCs to personal devices, which could lead to data leakage or a security breach. An account linked to a Microsoft identity is also required to download and purchase apps from the Windows Store, although it is possible to disable access to the store independently from restricting the ability to link domain accounts to Microsoft identities.
To disable the ability to link domain and local computer accounts to Microsoft Accounts, open the Group Policy Management Console (GPMC) on Windows 8 or Server 2012 using a domain account that has permission to create new Group Policy Objects (GPOs).
Once Group Policy has updated on the affected machine, which you can force using the gpupdate command if you don’t want to wait, users will not be able to link a Microsoft account to their domain or a local computer account, and PC Sync settings will be unavailable.
More in Security
What is Microsoft Sentinel and How Does It Protect Cloud and On-Premises Resources?
Feb 2, 2023 | Mustafa Toroman
Microsoft Defender for Endpoint Adds Device Isolation Support for Linux Machines
Jan 31, 2023 | Rabia Noureen
Git Releases New Security Updates to Block Remote Code Execution Attacks
Jan 18, 2023 | Rabia Noureen
Most popular on petri