AzureAD



  • So in another thread we were talking about AzureAD. I had an issue and @Dashrender suggested I make a new post. I'll just copy below what I said:

    I have an Office 365 and a normal Microsoft account. I used AzureAD to authenticate so the domain was AzureAD and the username was just JohnHooks. I have no idea how it knows the difference between me JohnHooks and someone else JohnHooks. I guess by device id?

    I recently changed my password. So I tried to install an app from the store and it wouldn't authenticate with my email and new password, but it would accept my old password and then just give me a non useful error.

    It could just be me not understanding Microsoft stuff, but it just seemed really convoluted.



  • @johnhooks I've also wondered why there isn't more of a distinction between the AzureAD and the "normal" Microsoft account. Or more precisely why the system they have gets stuck on one account or the other.

    They do have the "use your work account provided by your IT Administrator" or personal but have noticed that it often latches on to one account of another even after signing out and closing the browser.

    It has to be something with the way they use browser history to make signing in easy for people who use Office 365 online as their business email etc.



  • I have a feeling that the two are actually the same thing.



  • @StrongBad said:

    I have a feeling that the two are actually the same thing.

    But in no way is [email protected] the same thing as [email protected]

    Completely separate accounts, different recovery information etc.

    MS Should have no way to know, and therefor keep them separate.



  • Agreed, one is mine, one is my companies. I expect to keep everything in the one that is mine when I leave that company, but expect to leave everything behind in the company one... they should not be merged at all.



  • @DustinB3403 said:

    @StrongBad said:

    I have a feeling that the two are actually the same thing.

    But in no way is [email protected] the same thing as [email protected]

    Completely separate accounts, different recovery information etc.

    MS Should have no way to know, and therefor keep them separate.

    Two different accounts. But I mean that I think that they are both Azure AD. Just two Azure AD accounts.



  • Now if somehow MS was able to determine that I am in fact the same person because of username similarities, doesn't mean they should.

    Maybe I just want a free MS email account for personal use.



  • @StrongBad said:

    @DustinB3403 said:

    @StrongBad said:

    I have a feeling that the two are actually the same thing.

    But in no way is [email protected] the same thing as [email protected]

    Completely separate accounts, different recovery information etc.

    MS Should have no way to know, and therefor keep them separate.

    Two different accounts. But I mean that I think that they are both Azure AD. Just two Azure AD accounts.

    I guess I should clarify. I only initially set it up with my Office 365 and AzureAD account. I didn't add the normal user account until I couldn't install an app from the store.

    It's the enterprise version of Windows 10, does that affect how the store works?



  • @StrongBad said:

    Two different accounts. But I mean that I think that they are both Azure AD. Just two Azure AD accounts.

    maybe - and I'm fine with that.



  • So you can't use your work account to get apps from the Windows Store?

    I'm signed in with my work account as you can see from the picture. But it's making me sign in with a Microsoft Account to get any apps?

    0_1455152067769_signed in.png

    0_1455152076357_choose account.png

    0_1455152088914_add account.png



  • While it might seem odd that you can't get apps with your business account, it's not entirely surprising either. Apps that you could get would need to be published to you by the site administrator, because that's who owns them, who would be paying for them.

    You don't want end users having to attach a CC to their business account, either their own or the companies. If they put their own in, now it's an argument as to who owns that software, if they put the company CC in, who manages that?

    I know there is a way to publish apps via a private store to Win10 machines within your organization, but I couldn't tell you how to do it.



  • @Dashrender said:

    While it might seem odd that you can't get apps with your business account, it's not entirely surprising either. Apps that you could get would need to be published to you by the site administrator, because that's who owns them, who would be paying for them.

    You don't want end users having to attach a CC to their business account, either their own or the companies. If they put their own in, now it's an argument as to who owns that software, if they put the company CC in, who manages that?

    I know there is a way to publish apps via a private store to Win10 machines within your organization, but I couldn't tell you how to do it.

    That's a good point. I didn't think of it that way.


  • Service Provider

    @Dashrender said:

    While it might seem odd that you can't get apps with your business account, it's not entirely surprising either. Apps that you could get would need to be published to you by the site administrator, because that's who owns them, who would be paying for them.

    Problem is, it means that for basic usage you need to merge the accounts. And thus the problems begin.


  • Service Provider

    @johnhooks said:

    That's a good point. I didn't think of it that way.

    Except now you have to merge accounts even for free things.



  • @scottalanmiller said:

    @johnhooks said:

    That's a good point. I didn't think of it that way.

    Except now you have to merge accounts even for free things.

    I just added my login to the store. Does that merge the two together?



  • @scottalanmiller said:

    @Dashrender said:

    While it might seem odd that you can't get apps with your business account, it's not entirely surprising either. Apps that you could get would need to be published to you by the site administrator, because that's who owns them, who would be paying for them.

    Problem is, it means that for basic usage you need to merge the accounts. And thus the problems begin.

    Not sure what you mean by merge? I have two or more MS accounts on my laptop at home - they aren't merged, they are all simply active. Sure, when I want to buy/download something I have to make sure I pick the correct account - but we've been doing that on mobile devices for years.

    That said, it's still a cluster.



  • @johnhooks said:

    @scottalanmiller said:

    @johnhooks said:

    That's a good point. I didn't think of it that way.

    Except now you have to merge accounts even for free things.

    I just added my login to the store. Does that merge the two together?

    There is merging of accounts as I can see.. the device simply has two account on it.. and uses the permissions of the account that allowed the action when account access is needed.


  • Service Provider

    @Dashrender said:

    @johnhooks said:

    @scottalanmiller said:

    @johnhooks said:

    That's a good point. I didn't think of it that way.

    Except now you have to merge accounts even for free things.

    I just added my login to the store. Does that merge the two together?

    There is merging of accounts as I can see.. the device simply has two account on it.. and uses the permissions of the account that allowed the action when account access is needed.

    Well, that's kind of merged. The end user cannot clearly see which is which.

    And to be absolutely clear.... Microsoft cannot see which is which either. It was because of Microsoft confusing and merging these accounts that I lost both my O365 AND my personal accounts at the same time. MS on the back end merged them together and broke them both. That's why for six months I've had no working MS accounts and still don't, MS can't get them fixed.

    This is VERY merged and very not separate.


  • Service Provider

    @Dashrender said:

    Not sure what you mean by merge? I have two or more MS accounts on my laptop at home - they aren't merged, they are all simply active.

    For most people, they don't get mixed together TOO much. But MS can't keep track of them with confidence, and if they can't, any appearance of tracking them yourself is likely nothing more than that.


  • Service Provider

    @Dashrender said:

    Sure, when I want to buy/download something I have to make sure I pick the correct account - but we've been doing that on mobile devices for years.

    Only you people in the WIndows phone world. I've never done that. Not sure when it would even come up.



  • @scottalanmiller said:

    @Dashrender said:

    Sure, when I want to buy/download something I have to make sure I pick the correct account - but we've been doing that on mobile devices for years.

    Only you people in the WIndows phone world. I've never done that. Not sure when it would even come up.

    LOL - I knew you would pick on that - but no, seriously - on my Android phone I would switch between different amazon accounts back in the day because they didn't allow shared content between account on Amazon services.

    FYI - Google and Amazon services don't work well if at all on Phones phone (though Amazon does have an Amazon store app for buying stuff on Windows phone, but not for apps).



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.