Once you’ve switched to a Microsoft account, Windows encrypts your text password with a reversible encryption algorithm. Therefore, any user of the PC with the administrator privileges can easily recover it (refer to this article). This is a security hole discovered in Windows 10 and 8. For security or privacy reasons, you might think of disabling Microsoft account logon sign-in option.

In this tutorial we’ll show you 3 ways to block or disable Microsoft account, making users unable to add or log on Windows 10/8 with Microsoft account.

Method 1: Block Microsoft Account with Group Policy

1. Press the Windows Key + R combination, type gpedit.msc in the Run dialog box and hit Enter.

   

2. The Local Group Policy Editor should open. Navigate to the following location:
   Computer Configuration > Windows Settings > Security Settings > Local Polices > Security Options
3. On the right-side, locate the entry named “Accounts: Block Microsoft accounts” and then double-click on it to open its properties.

   

4. Under Local Security Setting tab, click on the drop-down box and you can see the following three options:
   • This policy is disabled
   • Users can’t add Microsoft accounts
   • Users can’t add or log on with Microsoft accounts

   

5. If you select “Users can’t add Microsoft accounts“, users on the PC will not able to add new Microsoft account. This also means that one can’t switch a local account to Microsoft account. But you can still log on with your existing Microsoft account.

   If you select “Users can’t add or log on with Microsoft accounts“, uses on the PC will not able to add new Microsoft account. The existing Microsoft account will disappear from Windows sign-in screen and you’re unable to login with it. So if you’re already using a Microsoft account, you should first switch to local account before applying this policy.

   After selecting the right policy, click Apply and then OK. Sign out or restart your computer for the policy to take effect.

Method 2: Block Microsoft Account with Registry Trick

Group Policy Editor is not available in all versions of Windows 10/8. If you don’t have access to Group Policy Editor, you need to block Microsoft account through the Windows Registry. Here’s how:

1. Press the Windows key + R to open the Run box. Type regedit and hit Enter.
2. When the Registry Editor opens, navigate to the following keys:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. In the right pane, you’ll see a value named NoConnectedUser. If the value doesn’t exist, right-click on the empty space to create a DWORD value and name it NoConnectedUser.
4. Set the NoConnectedUser value to 1 if you just want to block users from switching to Microsoft account, or set it to 3 if you want to block users from either adding or logging on with Microsoft account.
   • 0 = Allow Microsoft Accounts
   • 1 = Users can’t add Microsoft Accounts
   • 3 = Users can’t add or log on with Microsoft accounts

   

5. You can now close the Registry Editor window and reboot the machine.

Method 3: Block from Switching to Microsoft Account

Here is another registry trick that could also be used to block users from switching to Microsoft account. Follow these steps:

1. Press the Windows key + R to open the Run box. Type regedit and hit Enter.
2. When the Registry Editor opens, navigate to the following keys:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Settings\AllowYourAccount
3. In the right pane, double-click on the entry “value” and set it to 0.

   

4. Log off and log in. Open the Settings charm and select Accounts, you’ll find the option lablelled “Sign in with a Microsoft account instead” is now greyed out. That’s it!