The Microsoft account (MSA) has become quite an integrated part of the modern technology ecosystem ā being a core authentication mechanism for Xbox, TechNet/MSDN subscriptions, Windows 8, Windows Phone, Skype, Microsoft Partner Network, and various other Microsoft platforms and technologies.
The MSA has a long history and has been known by many names both inside and outside Microsoft. Notable names have been Passport and Live ID, and inside Microsoft it is sometimes referred to as a ConsumerID.
Customers on Office 365 or any other service that ties into Windows Azure Active Directory (WAAD) ā such as Dynamics CRM Online, Windows Intune, or Windows Azure itself ā rely on something known as an “organization ID” aka “OrgID”.
The problem many people face is when they utilise both WAAD-based services as well as MSA-based services.
A common scenario would be an Office 365 user who also wants to set up a corporate Windows 8 or Windows Phone device. In order to fully utilise those devices they must use a MSA. There are several scenarios and their solutions:
Scenario |
Solution |
Resultant Problem |
Have a personal MSA (eg. Hotmail or Outlook.com) |
Use this on your work device |
Mixing personal & work services together blurs the separation of lives Accidentally exposing personal email address to professional contacts |
Have a personal MSA but don’t want to use this on a work device |
Create another MSA |
More accounts & passwords to manage, confusion |
Do not have a MSA (eg. uses Yahoo, Gmail or other for personal email) |
Sign up for a MSA |
More accounts & passwords to manage, confusion |
Ā Ideally users would want to utilise their work email, which is something that can be done but is a relatively unknown feature of the MSA ecosystem. Simply by browsing to http://signup.live.com users are able to set up a new MSA while using an existing work email address ā such as their work email.
Fantastic! Problem solved I hear you say. No, far from it.
Having individuals sign up for a MSA is not an ideal solution for corporate deployments of technologies that rely on MSA.
Earlier this year I released a solution known as SkyIDsync by my company Xstran. The inspiration for this solution originally came from schools approaching me as they were moving to Office 365 but were not happy with the 500MB My Site allocation given to users. My solution at the time was to provision a MSA’s in bulk to provide the users with SkyDrive accounts. The new Office 365 with SkyDrive Pro (released in February this year) which somewhat diminished the purpose of SkyIDsync ā however with the release of Windows 8 and further proliferation of Windows Phone there was still a need for the tool.
The challenge however is the partial communication between the MSA identity platform and that of Office 365. Unfortunately this is somewhat broken as can be seen looking at the threads on the Office 365 Community forum site. This can be in places quite difficult as both Windows Azure and Dynamics CRM Online both also work with MSA’s as well as OrgIDs.
So what to do? There is a solution, however without Microsoft actually acknowledging ownership of the issue and putting in place a resolution ā the solution is only achievable by following a specific order of events.
Domain exists in Office 365, add it to MSA / Windows Live |
FAIL |
Windows Live Domain Admin portal: |
Domain exists in MSA / Windows Live, add it to Office 365 |
PASS |
Windows Live Domain Admin portal:
Microsoft Online Portal: |
So the net result? Add the domain to Windows Live first and you can add it to Office 365, then you can use my SkyIDsync tool to bulk provision users for that can use whatever Microsoft technology you are deploying that relies on a MSA.
Alternatively Microsoft can fix the communication between them so OrgIDs can be used for MSA-based services, but if that were to happen it would be a long long way away!
Discover more from Loryan Strant, Microsoft 365 MVP
Subscribe to get the latest posts sent to your email.
Anyhow you will get different Id’s at the end… ( with possibly different passwords )
Not to mention having Skype-Lync integration with MSA and Lync Id makes it more confusing.
Now it is 2015. Can we have an update?
What kind of update are you looking for?
Some of the features such as Windows Live Domains have been depreciate, and the OrgID (powered by Azure Active Directory) is more pervasive.