Microsoft has ensured the alternative is nearly impossible, constantly working to block any workarounds that users discover to use a local-only account. And it will even go so far as to silently reset the master recovery key if the original key couldn’t be uploaded (my coworker discovered this to his horror when finding out that not only had it changed his failsafe recovery key again, but also uploaded the wrong key to MDM—all data simply lost).
reply
> Microsoft has ensured the alternative is nearly impossible, constantly working to block any workarounds that users discover to use a local-only account.

Local accounts still work fine for Win 11 Pro; I installed it a few days ago using a clean ISO directly from Microsoft. No special patching or command line stuff needed; making a local account is part of the official install process.

reply
Did they make it better recently? There are plenty of blogs explaining why Microsoft wanted this to be increasingly difficult last year. Just from a quick Google:

https://www.xda-developers.com/microsoft-cracking-down-on-lo...

https://medium.com/@michaelswengel/microsoft-blocking-local-...

reply
Yes, it does seem prudent to encrypt those keys some other way on the cloud and not add them to the cloud's accessible keys.

They also seem suitable for using a secret sharing scheme.

I have Microsoft authenticator requests all day every day. Using aliases has helped but somehow they continue. It's only a matter of time before somehow accidentally I approve.

Which has simply led to me not putting anything of high value in my Microsoft account and not using it for my email.

reply
This happened to me too. The only solution I found was to disable authenticator on the account. Their implementation actively makes accounts less secure.
reply