Signing-in Windows 8 with a Windows Live ID Gives You Control What to Sync Between Domain-joined PC and other PCs

Microsoft is providing Windows 8 users the option to log into their PCs and tablets using their Windows Live ID. "With Windows 8, we introduce the optional capability to sign in to your PC with a Windows Live ID and, by doing so, gaining the ability to roam a broad range of settings across all […]

Microsoft is providing Windows 8 users the option to log into their PCs and tablets using their Windows Live ID. "With Windows 8, we introduce the optional capability to sign in to your PC with a Windows Live ID and, by doing so, gaining the ability to roam a broad range of settings across all of your PCs," said Steven Sinofsky.

At the Build conference, Microsoft revealed that users will be allowed to sign into their Windows 8 PCs using an existing or newly created Windows Live ID.

Now in a September 26 blog, Katie Frigon, the group program manager of the You-Centered Experience team, describes the feature and its benefits. Signing in with an ID allows you to:

  • "Associate the most commonly used Windows settings with your user account. Saved settings are available when you sign in to your account on any Windows 8 PC. Your PC will be set up just the way you are used to!
  • Easily reacquire your Metro style apps on multiple Windows 8 PCs. The app's settings and last-used state persist across all your Windows 8 PCs.
  • Save sign-in credentials for the different apps and websites you use and easily get back into them without having to enter credentials every time.
  • Automatically sign in to apps and services that use Windows Live ID for authentication," explains Frigon.

Frigon says "When you buy a Windows 8 PC and set up your user account for the first time, you can optionally choose to create an account that is associated to a Live ID. You can either use an existing ID or create a new one. If you choose to create a new one, you can use any email address you want as your new ID, and then create your unique password." Of course, you can also continue to use local Windows accounts as you always have and obviously, domain-administered accounts work as they always have as well.

In the Windows 8 Control Panel, there is a section called "Sync PC Settings" that will allow Windows 8 users to turn sync on or off. Users can turn off all syncing or vary it based on the type of setting. (Customizable settings groups include Personalize, Themes, Ease of access, Language preferences, Apps, Web browser, "Other stuff" and Some passwords.)

The syncrhonized settings data is stored in the Microsoft "cloud" separately from users' other Windows Live data, ("for example, what you store on SkyDrive," Frigon said.)

There are other ways that business users can take advantage of the roaming state/settings, as well. IT administrators can control what users can sync on their work PCs through group policy. In addition, Frigon said in her post:

"Using the new Restore/Refresh tools, it is possible to easily create an image that has your preferred desktop apps installed, and then use that as a refresh point. If you do want to roam your settings for desktop apps then you can continue to use the mechanisms available for roaming profiles and client side caching of files available with Active Directory and Windows Server."

She said "Having a truly personal experience in Windows 8 also includes your Metro style apps--how you use them, the settings you use, and where you left off. It will be easy to see which Metro style apps you've purchased and choose which ones you want to have on each of your Windows 8 PCs. By using your ID to sign in to Windows, the settings and state for your Metro style apps stay in sync between each PC you use.[…]We will also enable developers to build Metro style apps that tell Windows their state, so you can pick up where you left off as you move between PCs. You can pick up on the same page of a book, the same level of a game, or the same place in the movie you were watching as you switch between your Windows 8 PCs. In the developer preview of Windows 8, you can see this functionality in Internet Explorer 10."

You might be wondering how you can roam non-Metro style apps and settings without a domain. "Using the new Restore/Refresh tools, it is possible to easily create an image that has your preferred desktop apps installed, and then use that as a refresh point. If you do want to roam your settings for desktop apps then you can continue to use the mechanisms available for roaming profiles and client side caching of files available with Active Directory and Windows Server."

"Another benefit of signing in with a Windows Live ID is how we've simplified the need to sign in to multiple services and applications. Second, if you choose to, Windows can store separate Metro style app and web site credentials. Those credentials can then sync to each Windows 8 PC that you've trusted and verified yourself with. You won't have to type in your user name or password; just confirm your sign-in as needed. "

"When you associate your Windows user account with a Windows Live ID, there are three categories of data that are especially interesting from the privacy and security perspective:

  1. Your Windows Live ID user name and password
  2. Your Windows Live ID user profile
  3. The settings and data you choose to sync"

"With Windows 8, we want to put you in control of how your data is used and what you want to sync between Windows 8 PCs. When you choose to sign in to your Windows 8 PC with a Windows Live ID, only a small amount - your first name, last name, and display name -- are shared with Windows. Windows does not use any of your other profile data. Your profile data stored in the cloud is released to apps or websites that you allow to have that data. While any Metro style app can leverage Windows Live ID for their own sign-in authentication, they must always ask you first if you want to allow access to particular details from your profile."

"You might be concerned with how profile data is protected. In order to secure user data, we've taken several measures. First, we do not roam data over WWAN by default. Second, all user data is encrypted on the client before it is sent to the cloud. All data and settings that leave your PC are transmitted using SSL/TLS. The most sensitive information, like your credential information, is encrypted once based on your password and then encrypted again as it is sent across the Internet. The data stored is not available to other Microsoft services or third parties. Lastly, before the sensitive information can be accessed on a second Windows 8 PC for the first time, you must establish "trust" for that PC by providing further proof of your identity. This further proof can be done by providing Windows with a code sent to your mobile phone number or by following the instructions sent to an alternate email address."

"Any of the data that is saved to the cloud via the roaming mechanism is only accessed by Windows for roaming. This is very important. So for example, Internet Explorer's history is saved as a roaming state but is not used or accessed in any other context--it is no different than if you had manually created that same record of website history on another PC," explianed Frigon.