So you have 100 employees and are going with Windows 8. Out of the box, each employee will need a Microsoft Account (formerly known as a Live ID). Some people will have one already, others may not. What account should they use for work?
Use your own/existing account
The same one you use for your XBOX account? What might be your personal email account? It is hard to say what the negative implications could be here. Maybe you buy a bunch of games for your personal Surface tablet; will you end up with those on your computer at work? Maybe that is okay, maybe it is not. What about corporate software licenses that may get tied to your personal account? Might that cause problems with you leave the company?
Create a separate work account
This can help keep your work and personal lives separated but maybe that will be a pain. Perhaps there will be a situation where you are logged in with your personal account and then you want to do something work-related, would you need to log out and back in again? Yuck.
Creating a separate work account is not something that can be done for you. There is no magic PowerShell cmdlet to allow mass creation of accounts. In fact, there are limitations in place to specifically prevent mass creation of accounts: you can only create 3 accounts per day from a single IP address.
Wait! You might say. What if your organization shares a public facing IP? The answer I got from Microsoft was that you may call support and get an exception to allow it.
Some of us have a similar situation already with our iTunes accounts on Apple devices. However, I really don’t think “well that’s what Apple does” is an acceptable stance here, we all should expect more of Microsoft in terms of managing accounts and devices.
If you don’t mind dealing with the potential backlash from your users you can try to avoid this Microsoft Account business: If you are going to be using Windows 8 Pro and not RT, there are some things you can do to prevent this confusion as an admin:
- You can configure Windows 8 Pro to log into an AD domain
- You can then disable the ability to connect an AD account with a Microsoft account via Group Policy
- You can then disable the Windows Store via Group Policy
What are you doing or what will you do about choosing what Microsoft Account to use? Create a new one for work, or use the one you’ve already established?