deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-msapolicy.md
Vinay Pamnani (from Dev Box) 29e044c903 MDM/CSP metadata changes
2024-01-18 12:26:53 -05:00

4.1 KiB
Raw Blame History

title, description, ms.date
title description ms.date
ADMX_MSAPolicy Policy CSP Learn more about the ADMX_MSAPolicy Area in Policy CSP. 01/18/2024

Policy CSP - ADMX_MSAPolicy

[!INCLUDE ADMX-backed CSP tip]

MicrosoftAccount_DisableUserAuth

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
Windows SE
IoT Enterprise / IoT Enterprise LTSC		 Windows 10, version 2004 [10.0.19041.1202] and later
Windows 10, version 2009 [10.0.19042.1202] and later
Windows 10, version 21H1 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later		 
./Device/Vendor/MSFT/Policy/Config/ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth

This setting controls whether users can provide Microsoft accounts for authentication for applications or services.

  • If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.

This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user won't be affected by enabling this setting until the authentication cache expires.

It's recommended to enable this setting before any user signs in to a device to prevent cached tokens from being present.

  • If this setting is disabled or not configured, applications and services can use Microsoft accounts for authentication.

By default, this setting is Disabled. This setting doesn't affect whether users can sign in to devices by using Microsoft accounts, or the ability for users to provide Microsoft accounts via the browser for authentication with web-based applications.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

Name Value
Name MicrosoftAccount_DisableUserAuth
Friendly Name Block all consumer Microsoft account user authentication
Location Computer Configuration
Path Windows Components > Microsoft account
Registry Key Name Software\Policies\Microsoft\MicrosoftAccount
Registry Value Name DisableUserAuth
ADMX File Name MSAPolicy.admx

Related articles

Policy configuration service provider