How to block Microsoft Account logins in Windows 10

Blocking Microsoft accounts on public Windows 10 machines is essential to ensuring the security of your PC image, I recently tested a library's new Windows 10 PC Image prior to deploying it for the public and found several ways get Windows to prompt for a Microsoft account login even though the settings app was disabled.

I managed to get Windows 10 to prompt for login via the "Contact support" app which comes preinstalled with Windows 10. The way it works in Windows 10 is if you have a standard user account and someone signs in with a Microsoft account, the standard user account is overridden and turns into a Microsoft account, as you can see that can be very bad in a public computer environment, this would mean that no other user could sign in and use that computer until IT had been down to fix it.

The good news is that there's a group policy to stop just that!

1. Open Group Policy Editor, if you are on a Windows 10 Home machine or another edition that doesn't come with GPEdit you can find out how to install it here: http://lukesitresources.blogspot.com/2017/05/how-to-manually-install-gpedit-in.html
2. In GPEdit navigate to: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Accounts: Block Microsoft Accounts
3. Set the policy to Users can't add or log in with a Microsoft Account
4. Lastly, open Settings > Accounts and verify that the option to sign in with a Microsoft account is disabled.

That's all that's required to block Microsoft accounts, if you have trouble getting the policy to apply then there are some steps you can take to make it work.

Troubleshooting

1. From the command prompt, run the command gpupdate /force This will force the computer to update the policy for the computer and user.
2. Microsoft advises that this policy doesn't link to a registry key but in my troubleshooting of one machine I found this to be incorrect, if you are still seeing the option to sign-in with a Microsoft account then try changing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\Settings and set the AllowYourAccount key to 0 

Icons made by Freepik from www.flaticon.com is licensed by CC 3.0 BY

Icons made by Madebyoliver from www.flaticon.com is licensed by CC 3.0 BY