I often get questions about Microsoft Azure accounts and best practices around setting upp access to a Microsoft Azure Subscription. Today I read a really useful article explaining the whys and the whats about how to adress the challange many have with Azure Accounts.
Ariel Gordon (Twitter: @askariel) summons it up and gives really good advidvice around when and how to use Azure AD accounts and Microsoft Accounts.
I added Ariels conclusion and reccomendations from his article, make sure to follow him on Twitter, i just did 🙂
Conclusion and recommendations
These changes are part of bigger investments we’re making to converge our identity systems. We’ll share more details later this year.
If you’re an IT pro, do not bulk create personal Microsoft accounts for your employees. We’ve helped many customers through hard usability and security problems because they had done this. If you’re configuring Windows devices for your employees, you should take advantage of the self-service set up and automatic MDM enrollment we’ve built into Windows 10 using Azure AD.
If you’re an IT pro, don’t ask your employees to create personal Microsoft accounts with their work email address. It creates confusion about who owns the associated content and resources. We understand that there are still a few Microsoft services that require creating personal accounts with a work email address, and as mentioned above we’re working hard to address this and have short-term exceptions in place.
If you’re an end user who has created a personal Microsoft account using your work email at of convenience, please consider renaming your account.
If you’re an app developer, you should probably support both personal and work accounts from Microsoft. Check out this post to learn more about the work we’re going to converge our identity stacks.
Read the full article for more details: https://blogs.technet.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/