Block all consumer Microsoft account user authentication

When enabled, this policy will prevent all applications and services on the device from new consumer Microsoft account authentication via the Windows OnlineID and WebAccountManager APIs. This policy may not affect applications which have already authenticated until the authentication cache expires, so it is recommended to set this policy when setting up a device to prevent any cached tokens from being present on the device. This policy does not affect authentication performed directly by the user in browsers or in apps that use OAuth.


Supported on: At least Windows 10 Server, Windows 10 or Windows 10 RT
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\MicrosoftAccount
Value NameDisableUserAuth
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

msapolicy.admx

Administrative Templates (Computers)

Administrative Templates (Users)