When our super IT admins or security admins want to build a totally controlled, secured Windows 10, sometimes the task is to “disable” or “block” some features in Windows 10. In this blog post, we will talk about “Account settings” and what the impacts of these account settings are. Note that this blog post is not about telling you what should or shouldn’t be blocked; I only want to document my test results on how these settings work or don’t work, and where all these settings are.

I am not saying you should or shouldn’t forbid Microsoft accounts on enterprise-managed devices. As an in-house IT or managed service provider, you may not want your users to add their MS account to company devices or kiosk devices. But sure, as an end-user myself … *cough* *cough* – Where is the setting?

In Intune, you can easily find these settings in Device restrictions – Cloud and Storage, or use the Intune Policy CSP.

- forbids applications using the web account manager (WAM) to authenticate using a Microsoft account (MSA).

What the CSP (and GPO equivalent) does not perform:

- forbids applications using OAuth to authenticate using MSA.
- forbids browser login (Edge, Chrome, applications using browser authentication).
- disables the “Microsoft Account Sign-In Assistant” (wlidsvc) NT service.

The applications you may be concerned about are the ones in Windows 10. The three we tested (mail, myphone, stickyNotes) all use WAM. Additionally, Office (+), post Windows 1803 (RS4), uses WAM.

- Additional applications could be controlled by AppLocker, reducing risk by blocking unapproved applications.
- You may have a proxy server that includes data leakage protection (DLP) controls without the need to block.

What we tested using the CSP and found to work:

- Minimum Office version implementing WAM and so honoring the CSP is with Win10 1803.

Before you decide to disable the Microsoft Account Sign-In Assistant, read more details from the Microsoft doc.

- There is a risk that using this CSP may disable a feature you depend on now or in the future.
- If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windor higher.
- If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated.
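
To confirm on a test device which of the states described in this post is in effect, the following PowerShell audit reads the policy values and the wlidsvc start type. It is an added example, not part of the original post; the PolicyManager registry path and the policy names AllowMicrosoftAccountConnection and AllowMicrosoftAccountSignInAssistant are assumptions based on the Policy CSP Accounts area.

```powershell
# Added example: audit the Microsoft account policy state on one Windows 10 device.
# Assumptions (not from the original post): Policy CSP results are mirrored under
# HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Accounts, and the policy
# names are AllowMicrosoftAccountConnection and AllowMicrosoftAccountSignInAssistant.

function Get-MsaPolicyState {
    $policyKey  = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Accounts'
    $serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\wlidsvc'

    # A missing key or value means the policy is not configured (default: allowed).
    $policy     = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $connection = $policy.AllowMicrosoftAccountConnection
    $assistant  = $policy.AllowMicrosoftAccountSignInAssistant

    # Service start type from the registry: 2 = Automatic, 3 = Manual, 4 = Disabled.
    $start = (Get-ItemProperty -Path $serviceKey -ErrorAction SilentlyContinue).Start
    $svc   = Get-Service -Name wlidsvc -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        # 0 = applications using WAM cannot authenticate with an MSA.
        WamMsaSignInBlocked  = ($connection -eq 0)
        AssistantPolicyValue = $assistant
        WlidsvcStartType     = switch ($start) { 2 {'Automatic'} 3 {'Manual'} 4 {'Disabled'} default {'Unknown'} }
        WlidsvcStatus        = if ($svc) { $svc.Status } else { 'NotFound' }
        # Either the policy value or the service start type can show the disabled state.
        WlidsvcDisabled      = ($start -eq 4) -or ($assistant -eq 0)
    }
}

$state = Get-MsaPolicyState
$state | Format-List

if ($state.WlidsvcDisabled) {
    # The side effects listed in the post apply only in this state.
    Write-Warning 'wlidsvc is disabled: Subscription Activation and Windows Update feature updates are affected.'
}
elseif ($state.WamMsaSignInBlocked) {
    Write-Output 'MSA sign-in through WAM is blocked; wlidsvc is still available.'
}
else {
    Write-Output 'No Microsoft account restriction is configured through this policy.'
}
```

Browser and OAuth sign-ins are outside what this script can report, since the post found that the CSP does not cover them.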