With Windows 8, Microsoft will introduce the optional capability to sign in to your PC with a Windows Live ID and, by doing so, gain the ability to roam a broad range of settings across all of your PCs.
"In Windows 8, we have set out to ensure that each PC user has a truly
personal experience that seamlessly bridges their online and offline tasks,
is simpler to set up and use, and persists across their set of Windows 8
PCs," Katie Frigon, the group program manager of the You-Centered Experience
team at Microsoft, wrote on the company's blog.
Signing in with an ID allows you to:
- Associate the most commonly used Windows settings with your user account.
Saved settings are available when you sign in to your account on any Windows
8 PC. Your PC will be set up just the way you are used to.
- Easily reacquire your Metro style apps on multiple Windows 8 PCs. The
app's settings and last-used state persist across all your Windows 8
- Save sign-in credentials for the different apps and websites you use and
easily get back into them without having to enter credentials every time.
- Automatically sign in to apps and services that use Windows Live ID for
When you buy a Windows 8 PC and set up your user account for the first time,
you can optionally choose to create an account that is associated with a
Windows Live ID. You can either use an existing ID or create a new one. If
you choose to create a new one, you can use any email address you want as
your new ID, and then create your unique password. For example, you can use
email@example.com or you can use firstname.lastname@example.org. You just need to
identify an email address that you want to have associated with the Windows
Live ID service, and provide a unique password. Of course, you can also
continue to use local Windows accounts as you always have and obviously,
domain-administered accounts work as they always have as well.
With Windows 8, Microsoft is also working to let you have
your personal Windows experience on any Windows 8 PC you sign in to with
your Windows Live ID. Settings such as your lock screen picture, desktop
background, user tile, browser favorites and history, spell check
dictionaries, Explorer settings, mouse settings, and accessibility settings,
among many others are now associated with your Windows 8 account and stored
in the cloud. They are kept in sync and come down to each machine you use as
they are changed or updated.
In addition, it will be easy to see which Metro style apps you've purchased
and choose which ones you want to have on each of your Windows 8 PCs. By
using your ID to sign in to Windows, the settings and state for your Metro
style apps stay in sync between each PC you use.
Another benefit of signing in with a Windows Live ID is how Microsoft has
simplified the need to sign in to multiple services and applications. This
is accomplished in two ways. First, once you've signed in to Windows with
your ID, you do not need to enter it again to sign in to any app or website
that also uses Windows Live ID. For example, once you sign in to Windows
with your ID, you can launch the Windows Chat app and start talking with
your friends without the need to sign in again. Similarly, you can browse to
your Hotmail inbox page without needing to enter your email address and
password again. You can always sign out of a webpage and sign in as a
different user, but by default you will be automatically signed in. To be
clear, however, those applications and websites do not have special access
to your Windows PC or your personal data.
Second, if you choose to, Windows can store separate Metro style app and web
site credentials. Those credentials can then sync to each Windows 8 PC that
you've trusted and verified yourself with. You won't have to type in your
user name or password; just confirm your sign-in as needed. Similar to the
Chat application example, when launching a Metro style application that uses
this feature, you will be signed in automatically and the application will
resume right where you left off.
If you choose to associate your local account with an ID, Microsoft has
provided control over what you want to sync to each Windows 8 PC you use. In
Control Panel, there is a section called "Sync PC Settings" where you can
manually turn settings sync on or off.
You can choose to turn off all syncing or you can turn off syncing per the
type of setting. The settings groups include:
Ease of access
In addition, you can also roam the desktop themes you use and create,
including colors, sounds, and desktop background (note: currently for the
background image Microsoft roams the original image that was selected if
it's under 2MB. If the image is over 2MB Windows compresses and crops the image
It is also important that you maintain control of your data when work and
personal start to mix. In Windows 8, when you link your Windows domain
account to a Windows Live ID, Microsoft asks you up front (before data is
synced) what data you want to sync between your domain-joined PC and other
PCs you use with that ID. That way, you can decide if things like your web
history, favorites, or credentials should sync to your work machine, or if
you'd prefer to keep those or anything else that is synced only on your
Microsoft also empowers IT administrators to control what a user can sync to
a work PC through group policy. The company has given IT
administrators control over whether a worker can link their domain account to an ID,
and if the admin allows that link, what types of data the worker is allowed
Finally, it's important to note that credentials that are entered and stored
on a domain-joined machine do not get uploaded to the cloud, and never get
synced to your other PCs - this ensures that corporate credentials stay on
the PCs that are managed by the IT admin.
When you associate your Windows user account with a Windows Live ID, there
are three categories of data that are especially interesting from the
privacy and security perspective:
- Your Windows Live ID user name and password
- Your Windows Live ID user profile
- The settings and data you choose to sync
Microsoft has taken measures to safeguard the ID and password you use to
sign in to Windows. First, Microsoft will require a strong password (and you
can't leave the password blank). Next, the company collects a secondary proof
of your identity. This will allow us to establish "trust" with specific PCs
that you use frequently or own. This in turn will also enable more secure
syncing of private data like passwords. Collecting the secondary proof of
your identity also helps make account recovery easier and more secure.
Signing in with a Windows Live ID also gives you much more control over your
password, including your ability to recover a lost one. If you use a local
account and you forget your password, you're in a tough spot, and your
options are limited. You may be able to recover your password with a hint or
a recovery key, but if neither of those works, you're generally left with
having to rebuild your PC from scratch. However, if you sign in to your PC
with your Windows Live ID and you later forget your password, you can reset
your password from another PC by navigating to https://login.live.com and
clicking on "forgot my password."
Windows Live ID also includes a number of different safety features to
detect if your account is stolen, and it will change your account to a
"compromised" state (limiting what it can do) until you can regain control
of your account using the two-factor authentication features (secondary
proofs) that you set up earlier. Importantly, you will still have full
access to your PC, since your PC will allow you to log in with the password
you had before your account was stolen - you just won't be able to use the
services and applications that rely on this ID until you go through
Microsoft's "recover my account" workflow online.
Microsoft added that Windows does not use any of your other profile data.
Your profile data stored in the cloud is released to apps or websites that
you allow to have that data. While any Metro style app can leverage Windows
Live ID for their own sign-in authentication, they must always ask you first
if you want to allow access to particular details from your profile.
As mentioned earlier, there are three categories of data that can be synced
to your Windows 8 PCs when you sign in with your ID: 1) Windows settings, 2)
App settings and data, and 3) credentials. This data is stored in the cloud
so that it is available to you when you sign in to your various Windows 8
PCs. The size of the data we roam is minimal and we only enforce some limits
on a per setting basis, for example, the file size for the lock screen
image. None of this counts against your Windows Live storage quota. This
data is also stored separately from your other Windows Live data, for
example, what you store on SkyDrive.
In order to secure user data, we've taken several measures. First, we do
not roam data over WWAN by default. Second, all user data is encrypted on
the client before it is sent to the cloud. All data and settings that leave
your PC are transmitted using SSL/TLS. The most sensitive information, like
your credential information, is encrypted once based on your password and
then encrypted again as it is sent across the Internet. The data stored is
not available to other Microsoft services or third parties. Lastly, before
the sensitive information can be accessed on a second Windows 8 PC for the
first time, you must establish "trust" for that PC by providing further
proof of your identity. This further proof can be done by providing Windows
with a code sent to your mobile phone number or by following the
instructions sent to an alternate email address.
Any of the data that is saved to the cloud via the roaming mechanism is only
accessed by Windows for roaming.