Office 365 account|Microsoft account - creating users for computer in a small business

Forums › Microsoft Windows › Office 365 account|Microsoft account - creating users for computer in a small business

robjg63

4098 posts

Uber Geek

Subscriber

#315257 26-Jun-2024 12:10

I do IT support for a smallish business.

We moved all our server mail and file storage onto Office365 5 or 6 years ago and this works great.

So we have our own email domain name but that's all.

When I set up a new user I just create their account in office 365 and for the PC/Laptop I just create a local user.

The user can then log into office 365, install the office apps, access sharepoint etc and it all works fine.

But MS is getting very annoying about wanting a 'Microsoft account' on devices and you have to really fight to break into the bit that lets you create a 'local account'.

A "MS account" is not an "Office 365 account". So you cant create a user account on the PC with the Office 365 address.

There must be other people in a similar situation - how are you handling this???

One support place I spoke to suggested I could do a clean install of windows on any new hardware that Rufus had been used on to clobber the Microsoft account nags. That seems pretty harsh.

Any advice happily accepted - but keep it simple!

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

1 | 2

47 posts

Geek

ID Verified

#3253446 26-Jun-2024 12:21

The way that it has worked for me is to create a new user on the computer, and sign in using a work or school account. This means that the Office 365 account password is used to login to the computer each time.

bagheera

539 posts

Ultimate Geek

#3253449 26-Jun-2024 12:27

you say you moved storage to SharePoint, so I am guessing your MS license is not just an exchange online - what license is it?

fearandloathing

503 posts

Ultimate Geek

ID Verified

Lifetime subscriber

#3253458 26-Jun-2024 13:13

You would normally just sign in with the the O365 account

I assume you can’t do this because you are using windows Home edditions.

I would recommend that you buy windows professional upgrades for those devices.

Edit: typo

coffeebaron

6231 posts

Uber Geek

Trusted

Lifetime subscriber

#3253459 26-Jun-2024 13:14

Create a random MS account, login, create a new local user accout (with admn access), logout, login to new local account, remove MS account from computer.

There are some other workarounds too, but this one is probably the most simple.

Rural IT and Broadband support.

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

Starlith

208 posts

Master Geek

Trusted

#3253463 26-Jun-2024 13:24

I think it depends on license type you have to what more you can do, I thought with a business license you could just create the users in Entra and that would be your Microsoft account for the device?

You can go down the path of local user account with Rufus but if you have an Intune license then you might aswell set the devices up in Autopilot and avoid the local user account altogether

bagheera

539 posts

Ultimate Geek

#3253465 26-Jun-2024 13:27

Starlith:

I think it depends on license type you have to what more you can do, I thought with a business license you could just create the users in Entra and that would be your Microsoft account for the device?

You can go down the path of local user account with Rufus but if you have an Intune license then you might aswell set the devices up in Autopilot and avoid the local user account altogether

hence my question - if it ms 365 standard, then no not an option, ms 365 Premium, then it an option and if I remember right premium also has home -> pro upgrade rights for windows.

nztim

3814 posts

Uber Geek

ID Verified

Trusted

TEAMnetwork

Subscriber

#3253468 26-Jun-2024 13:28

Starlith:

You can go down the path of local user account with Rufus but if you have an Intune license then you might aswell set the devices up in Autopilot and avoid the local user account altogether

^^^^^^^^^^ Best advise, license each user with Business Premium Entra/Intune enroll everything and roll out apps from there

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

Sharesies kids

Free kids accounts - trade shares and funds (NZ, US) with Sharesies (affiliate link).

robjg63

4098 posts

Uber Geek

Subscriber

#3253470 26-Jun-2024 13:31

bagheera:

you say you moved storage to SharePoint, so I am guessing your MS license is not just an exchange online - what license is it?

Good question - I am not sure how to answer that.

Yes we have Sharepoint/Exchange/Teams all the office apps.

The Licenses show as:

Exchange Online
Microsoft Fabric
MS Power automate
Office 365 A3 for faculty

We are a small educational provider - but dont provide MS services for students (fortunately).

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

bagheera

539 posts

Ultimate Geek

#3253477 26-Jun-2024 13:54

so office 365 a3 , so no on intune & Entra ID Plan 1, so no MS account sign-in as an option.

if you do not want central management of PC, then do as coffeebaron say and keep going as is till MS kill off local account total, or look at what licensing need vs cost you can take and upgrade to something with intune and entra p1

gehenna

8498 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#3253482 26-Jun-2024 14:06

You may also benefit from using this scenario as a catalyst for change in the way IT is funded and services are delivered. Conversations along the lines of "it's difficult to manage things like this anymore, it's taking time and it's a poor experience for users and IT, perhaps we need to invest in an uplift of licensing so we can manage this better moving forward. I've done some digging and this is what we'd need, it'll cost this much over the next year. But we also get these extra features and tools to manage things, so the new expense will be offset by reducing effort, which currently costs around xx hours per user/device/onboard per year".

You may run up against a brick wall depending on how IT is valued in the org, or who owns the budget, and what the org priorities are, but if you're ever going to move forward it's opportunities like this one that you should lean into leveraging.

Starlith

208 posts

Master Geek

Trusted

#3253483 26-Jun-2024 14:11

robjg63:

bagheera:

you say you moved storage to SharePoint, so I am guessing your MS license is not just an exchange online - what license is it?

Good question - I am not sure how to answer that.

Yes we have Sharepoint/Exchange/Teams all the office apps.

The Licenses show as:

Exchange Online
Microsoft Fabric
MS Power automate
Office 365 A3 for faculty
We are a small educational provider - but dont provide MS services for students (fortunately).

Mate with that A3 license you do some grunty things that will make life easier for user and device management- just need to sink the time and get the processes sorted. By the end a proper device can be wiped directly from Intune and you can automatically rebuild the device by simply logging in with the users Microsoft 365 business account. Here's a few steps from the top of my head that can start you off down the rabbit hole.

1) You can start off with create two Security Groups one for adding Users and another for Devices (you make these dynamic groups later on that will automatically add Users or Device Objects)

2) Microsoft Entra - Enable Registered Devices (allows your users to enroll devices to the organisation tenant - you can stop here or go further down the rabbit hole..)

3) Microsoft Entra Identity - Enable MFA Microsoft Authenticator App and create a Policy to assign to group (Self explanatory - to provide good identity security with some convenience, there's some templates in there too)

4) Microsoft Intune/Endpont Management - Make sure your devices have a Windows Pro license then Add devices to Autopilot Enrolment and give them a Group Tag such as HP Laptops (this grouo tag can be used to create a dynamic device group)

5) Microsoft Intune/Endpont Management - Create a Security Group as Dynamic Device and use the rule builder to get the Autopilot devices by ID tag

6) Microsoft Intune/Endpont Management - Create Enrollment Profile and assign to the dynamic device group

7) Microsoft Intune/Endpont Management - In Endpoint Security Create an Encryption Policy for Bitlocker and assign to user group

6) Microsoft Intune/Endpont Management - Create a Compliance Profile and assign to the user group

8) Assign other Intune Policies and App deployments to the user group, you can also create device filters and setuo other automations for Microsoft Apps etc

9) Check that your users are in Entra and are assigned the A3 license and are assigned to any other policy groups

From here you should be able to sign into the device with the Microsoft account business email address and the device will get the enrollment profile but there's crap loads of goodies that I've likely missed.

lxsw20

3552 posts

Uber Geek

Subscriber

#3253486 26-Jun-2024 14:22

bagheera:

so office 365 a3 , so no on intune & Entra ID Plan 1, so no MS account sign-in as an option.

A3 Includes Entra P1 and Intune.

Microsoft 365 Education A3 | M365 Maps

If you're getting your licensing for free through MoE, you're possibly entitled to A5. But A3 should do all you need. You'll just need someone to configure it for you to get the best out of it.

Josh22

5 posts

Wannabe Geek

#3253495 26-Jun-2024 14:30

lxsw20:

A3 Includes Entra P1 and Intune.

Microsoft 365 Education A3 | M365 Maps

If you're getting your licensing for free through MoE, you're possibly entitled to A5. But A3 should do all you need. You'll just need someone to configure it for you to get the best out of it.

M365 A3 includes it, I don't believe Office365 A3 includes it. They are different SKUs (M365 vs O365).

https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-microsoft-365-and-office-365

lxsw20

3552 posts

Uber Geek

Subscriber

#3253506 26-Jun-2024 15:03

Yes good point.

If you fall under MoE i'd hit them up about that - https://www.education.govt.nz/school/digital-technology/software/microsoft/ and get upgraded to Microsoft 365, from Office 365 suite. If not and you're under 300 users it may be worth doing a price compare with Microsoft 365 Business Premium to get the features you need.

robjg63

4098 posts

Uber Geek

Subscriber

#3253507 26-Jun-2024 15:06

OK - A genuine thanks for the detailed responses - thanks for giving your time and advice.

(We aren't under MoE).

😀

To be honest - it all sounds like a lot or resources to implement for little real gain on our part with around 10 users.

I will do a bit of research on Intune and Entra.

Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

1 | 2