6.1 KiB
title, description, ms.author, ms.localizationpriority, ms.topic, ms.prod, ms.technology, author, ms.date, ms.reviewer, manager
| title | description | ms.author | ms.localizationpriority | ms.topic | ms.prod | ms.technology | author | ms.date | ms.reviewer | manager |
|---|---|---|---|---|---|---|---|---|---|---|
| Policy CSP - Accounts | Learn about the Accounts policy configuration service provider (CSP). This article describes account policies. | vinpa | medium | article | w10 | windows | vinaypamnani-msft | 09/27/2019 | aaroncz |
Policy CSP - Accounts
Accounts policies
- Accounts/AllowAddingNonMicrosoftAccountsManually
- Accounts/AllowMicrosoftAccountConnection
- Accounts/AllowMicrosoftAccountSignInAssistant
- Accounts/DomainNamesForEmailSync
- Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
Accounts/AllowAddingNonMicrosoftAccountsManually
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Specifies whether user is allowed to add email accounts other than Microsoft account.
Most restricted value is 0.
Note
This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
The following list shows the supported values:
- 0 - Not allowed.
- 1 (default) - Allowed.
Accounts/AllowMicrosoftAccountConnection
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Specifies whether the user is allowed to use a Microsoft account for non-email related connection authentication and services.
Most restricted value is 0.
The following list shows the supported values:
- 0 - Not allowed.
- 1 (default) - Allowed.
Accounts/AllowMicrosoftAccountSignInAssistant
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
Note
If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See Feature updates are not being offered while other updates are.
Note
If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
The following list shows the supported values:
- 0 - Disabled.
- 1 (default) - Manual start.
Accounts/DomainNamesForEmailSync
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
The following list shows the supported values:
Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | No | Yes |
| Business | No | Yes |
| Enterprise | No | Yes |
| Education | No | Yes |
[!div class = "checklist"]
- Device
Added in Windows 11, version 22H2. This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, we only allow device authentication and block user authentication.
Most restricted value is 1.
The following list shows the supported values:
- 0 (default) - Allow both device and user authentication.
- 1 - Only allow device authentication. Block user authentication.