Block all consumer Microsoft account user authentication

When enabled, this policy will prevent all applications and services on the device from new consumer Microsoft account authentication via the Windows OnlineID and WebAccountManager APIs. This policy may not affect applications which have already authenticated until the authentication cache expires, so it is recommended to set this policy when setting up a device to prevent any cached tokens from being present on the device. This policy does not affect authentication performed directly by the user in browsers or in apps that use OAuth.


Supported on: At least Windows Server 2016, Windows 10 Version 1703
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\MicrosoftAccount
Value NameDisableUserAuth
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

msapolicy.admx

Administrative Templates (Computers)

Administrative Templates (Users)