IT:AD:Microsoft Account

Summary

A Microsoft Account is one of the two types of IdP Accounts associated to an Azure Accounts:

  • Personal Accounts
  • Organisational Accounts (also known as an Azure AD Account, or Work/School Account).

AzureIdP IdentityAzure ADMicrosoft LiveAccountAccount infoaccessible viahttps://login.live.comPersonal AccountMicrosoft AccountOrganisation AccountAzure AD AccountAccount infoaccessible viahttps://account.windowsazure.com/

Personal Accounts:

  • are personal, consumer accounts, created by individuals themselves (as oppossed to an Org's admin) and stored at https://live.com
  • services authenticate by redirecting users to sign in via https://signin.live.com
  • are currently called Microsoft Accounts (Passport Accounts became Live Accounts, which became Microsoft Accounts)
  • Can access services registered in the Azure ADs to which the user has been invited.
    • Note: Azure AD has a federation trust relationship with https://live.com. Hence Azure AD can authenticate “native” org accounts, as well as “guest” consumer Microsoft Accounts.
  • Considerations:
    • There is no API for provisioning Microsoft Accounts, and therefore cannot currently fulfill Organisational (Business/School) provisioning/management/deprovisioning requirements.
A comparison between the two types of Accounts (Personal/Organisation) is available at: IT:AD:Azure:Account.