How To Download Microsoft Account
Analisa Wisdom
While the Microsoft Account provider is still supported, it is recommended that apps instead use the Microsoft identity platform provider (Microsoft Entra ID). The Microsoft identity platform offers support for both organizational accounts and personal Microsoft accounts.
Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
(Optional) To restrict access to Microsoft account users, set Action to take when request is not authenticated to Log in with Microsoft Entra ID. When you set this functionality, your app requires all requests to be authenticated. It also redirects all unauthenticated requests to use Microsoft Entra ID for authentication. Note that because you have configured your Issuer Url to use the Microsoft Account tenant, only personal accounts will successfully authenticate.
Your B2B guest users can use their own personal Microsoft accounts for B2B collaboration without further configuration. Guest users can redeem your B2B collaboration invitations or complete your sign-up user flows using their personal Microsoft account.
Microsoft accounts are set up by a user to get access to consumer-oriented Microsoft products and cloud services, such as Outlook, OneDrive, Xbox LIVE, or Microsoft 365. The account is created and stored in the Microsoft consumer identity account system, run by Microsoft.
Microsoft account is available by default in the list of External Identities > All identity providers. No further configuration is needed to allow guest users to sign in with their Microsoft account, using either the invitation flow, or a self-service sign-up user flow.
Microsoft account is an identity provider option for your self-service sign-up user flows. Users can sign up for your applications using their own Microsoft accounts. First, you'll need to enable self-service sign-up for your tenant. Then you can set up a user flow for the application, and select Microsoft account as one of the sign-in options.
At Microsoft, we continue to look for creative ways to protect people online and that includes having no tolerance for those who create fraudulent copies of our products to harm others. Fraudulent online accounts act as the gateway to a host of cybercrime, including mass phishing, identity theft and fraud, and distributed denial of service (DDoS) attacks. That is why today, we, with valuable threat intelligence insights from Arkose Labs, a leading cybersecurity defense and bot management vendor, are going after the number one seller and creator of fraudulent Microsoft accounts, a group we call Storm-1152. We are sending a strong message to those who seek to create, sell or distribute fraudulent Microsoft products for cybercrime: We are watching, taking notice and will act to protect our customers.
Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms. These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online. To date, Storm-1152 created for sale approximately 750 million fraudulent Microsoft accounts, earning the group millions of dollars in illicit revenue, and costing Microsoft and other companies even more to combat their criminal activity.
Storm-1152 plays a significant role in the highly specialized cybercrime-as-a-service ecosystem. Cybercriminals need fraudulent accounts to support their largely automated criminal activities. With companies able to quickly identify and shut down fraudulent accounts, criminals require a greater quantity of accounts to circumvent mitigation efforts. Instead of spending time trying to create thousands of fraudulent accounts, cybercriminals can simply purchase them from Storm-1152 and other groups. This allows criminals to focus their efforts on their ultimate goals of phishing, spamming, ransomware, and other types of fraud and abuse. Storm-1152 and groups like them enable scores of cybercriminals to carry out their malicious activities more efficiently and effectively.
Microsoft Threat Intelligence has identified multiple groups engaged in ransomware, data theft and extortion that have used Storm-1152 accounts. For example, Octo Tempest, also known as Scattered Spider, obtained fraudulent Microsoft accounts from Storm-1152. Octo Tempest is a financially motivated cybercrime group that leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. Microsoft continues to track multiple other ransomware or extortion threat actors that have purchased fraudulent accounts from Storm-1152 to enhance their attacks, including Storm-0252 and Storm-0455.
Microsoft is committed to providing a safe digital experience for every person and organization on the planet. We work closely with Arkose Labs to deploy a next-generation CAPTCHA defense solution. The solution requires every would-be user who wishes to open a Microsoft account to represent that they are a human being (not a bot) and verify the accuracy of that representation by solving various types of challenges.
A Microsoft account or MSA[1] (previously known as Microsoft Passport,[2] .NET Passport, and Windows Live ID) is a single sign-on personal user account for Microsoft customers to log in to consumer[3][4] Microsoft services (like Outlook.com), devices running on one of Microsoft's current operating systems (e.g. Microsoft Windows computers and tablets, Xbox consoles), and Microsoft application software (including Visual Studio).
Microsoft account allows users to sign into websites that support this service using a single set of credentials - these usernames are in the same form as an email address. Microsoft account offers a user two different methods for creating an account:
Microsoft websites, services, and apps such as Bing, MSN and Xbox Live use Microsoft account as a means of identifying users. There are also several other companies that use it, such as the Hoyts website which is hosted by NineMSN.
Windows XP and later has an option to link a local Windows user account with a Microsoft account, thus automatically logging users in to their Microsoft account whenever a service is accessed. Starting with Windows 8 and Windows Server 2012, Windows allows users to directly authenticate into their PCs using their Microsoft account rather than a local or domain user.[5]
In addition to using an account password, users can login to their Microsoft account by accepting a mobile notification sent to a mobile device with Microsoft Authenticator, a FIDO2 security token or by using Windows Hello.[6] Users can also set up two-factor authentication by getting a time-based, single-use code by text, phone call or using an authenticator app.
Users' credentials are not checked by Microsoft account-enabled websites, but by a Microsoft account authentication server. A new user signing into a Microsoft account-enabled website is first redirected to the nearest authentication server, which asks for username and password over an SSL connection. The user may select to have their computer remember their login: a newly signed-in user has an encrypted time-limited cookie stored on their computer and receives a triple DES encrypted ID-tag that previously has been agreed upon between the authentication server and the Microsoft account-enabled website. This ID-tag is then sent to the website, upon which the website plants another encrypted HTTP cookie in the user's computer, also time-limited. As long as these cookies are valid, the user is not required to supply a username and password. If the user actively logs out of their Microsoft account, these cookies will be removed.
Microsoft also offer a work or school account which are set up by an administrator as part of an organization. These accounts are separate from Microsoft accounts (which is also called personal account) and cannot be merged, but may be used side-by-side by a user.[7][8] A work or school account uses the Azure Active Directory domain platform.[9]
On June 17, 2007, Erik Duindam, a web developer in the Netherlands, reported a privacy and identity risk, saying a "critical error was made by Microsoft programmers that allows everyone to create an ID for virtually any e-mail address."[26] A procedure was found to allow users to register invalid or currently used e-mail addresses. Upon registration with a valid e-mail address, an e-mail verification link was sent to the user. Before using it however, the user was allowed to change the e-mail address to one that did not exist, or to an e-mail address currently used by someone else. The verification link then caused the Windows Live ID system to confirm the account as having a verified email address. That flaw was fixed two days later, on June 19, 2007.[27]
Okay... well this is weird. And yes, this is my personal account. It was created when I transitioned my Xbox LIVE account to a Microsoft account on 2014-03-07 (the LIVE account was created back in 2006, and neither it nor my Microsoft account were ever joined to any other domains).
Update: Following @NeilTheMann's advice on Twitter, I went to and logged in there. Then I clicked on my 'JG' account info, and at the bottom of that profile pane, it had a link to 'Manage organizations'. On that page, I see:
Probably you now have two accounts, both using the same email address. One is a personal account, one is an organization account. If Personal doesn't qualify as an alternate directory, then it is not surprising that you can't switch to it. Probably have to sign out, choose to sign in with a personal account, and then sign in.
I had a similar situation which I resolved as was able to get into one account and then change the email address so now have my personal and work accounts on seperate email addresses. It has been a mess for such a long time to have two sets of accounts.
f448fe82f3