Microsoft has today changed its policy on how Azure AD customers can access email. More specifically, the company has announced it is blocking the creation of personal Microsoft accounts. This applies to work/school email accounts configured in Azure AD.
The company says there has been an overlap between personal and work accounts. Customers have requested that the cloud identity system be cleaned up. Azure Active Directory and personal Microsoft accounts can lead to a confusing system.
In its announcement, Microsoft uses the screen below to illustrate how users are frustrated. The company says users are often confused about how to implement personal/work choices within apps. Others just don't see the point in having two accounts with the same email address.
Azure AD Block
This problem occurs when users create a personal account with their work/school address. Microsoft has now stopped this from being possible for Azure AD domains. Needless to say, creating a personal account with professional credentials is unwise to begin with. It makes it too easy for attackers to find credentials, so they can get access to professional accounts.
Microsoft is blocking this dual account creation from a single email address. Office 365 and other services based on Azure AD now prevent users from doing this.
Cleaning this up will likely take some time. Microsoft says there are 4 million users with a Microsoft account and a work/school account that share the same email address. The company says the block is for those creating new accounts.
However, those with existing dual accounts are being urged to rename their personal account. Microsoft says doing this does not impact any work email that has been stored.