IT:AD:Microsoft Account

Summary

A Microsoft Account is one of the two types of IdP Accounts associated with an Azure Account:

  • Personal Accounts
  • Organisational Accounts (also known as an Azure AD Account, or Work/School Account).


@startuml
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt

package Azure {
  class "Account" as AZA
}

note right of AZA
  Account info
  accessible via
  https://account.windowsazure.com/
end note

' The two kinds of IdP identity that can be associated with an Azure Account
package "IdP Identity" as II {
  ' Personal (consumer) identities are held by Microsoft Live
  package "Microsoft Live" as ML {
    class "Personal Account" as PA
    class "Microsoft Account" as MA
    MA .up.|> PA
  }

  ' Organisational (work/school) identities are held by Azure AD
  package "Azure AD" as AAD {
    class "Organisation Account" as OA
    class "Azure AD Account" as AA
    AA .up.|> OA
  }

  ' Layout only: keep the two packages side by side
  ML -[hidden]right- AAD

  note bottom of MA
    Account info
    accessible via
    https://login.live.com
  end note
}

AZA -down- II
@enduml

Personal Accounts:

  • are personal, consumer accounts, created by individuals themselves (as opposed to an Org's admin) and stored at https://live.com
  • services authenticate by redirecting users to sign in via https://signin.live.com
  • are currently called Microsoft Accounts (Passport Accounts became Live Accounts, which became Microsoft Accounts)
  • can access services registered in the Azure ADs to which the user has been invited.
    • Note: Azure AD has a federation trust relationship with https://live.com. Hence Azure AD can authenticate “native” org accounts, as well as “guest” consumer Microsoft Accounts.
  • Considerations:
    • There is no API for provisioning Microsoft Accounts, so they cannot currently fulfill Organisational (Business/School) provisioning/management/deprovisioning requirements.
A comparison between the two types of Accounts (Personal/Organisation) is available at: IT:AD:Azure:Account.