Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Saturday, 19 August 2017 10:33

Microsoft breaks Windows 10 Microsoft account sync for corporates


When is a bug not a bug? When Microsoft decides to make an unannounced, uncontrollable feature which takes away existing functionality, putting another nail in Edge's coffin vs. Chrome and Firefox.

I received a new laptop yesterday. I'd previously enjoyed a Lenovo Carbon X1 1st generation ultrabook years ago, and yesterday gratefully picked up my new fifth generation model. Still super-slim, still super-fast.

Yet, while busily installing all my applications, tools and settings, and synchronising Dropbox and email I noticed something was not right.

My user icon had not reappeared. Nor had my Microsoft Edge bookmarks and settings come back. Windows apps kept prompting me to sign-in.

Under Settings / Accounts / Sync your Settings the option to synchronise my Windows 10 settings across devices was off, and worse, it was greyed out. It was simply disabled. I could not turn this on. The page prominently stated in red I needed to add a Microsoft account to enable synchronisation.


However, Settings / Email & app accounts showed my Microsoft account. Clicking Help and browsing simply said to enable sync, be sure to add a Microsoft account here. I was doing everything according to normal, and I was doing everything according to the available documentation.

I reached out to Microsoft for help. Technician Melvinson M on service request 1395388007 remotely connected, then without asking chose to perform a system restore to the earliest possible time he could - wiping out all my installs. I was horrified by this digital vandalism. Of course, this did not solve the problem and was a lazy first step. Thankfully, System Restore works both ways, so I was able to revert back again! Phew!

Even so, I still had non-functioning sync. Yet, I fixed it, and you can too.

First, why did this break? The answer is because Microsoft chose to remove this functionality. Of course, without informing users, without updating the messages on their Sync your settings screen, without updating online documentation, and without informing their own support desk.

To be very specific, this problem arises from the circumstance where you have a domain-joined Windows 10 computer running Windows version 1703 aka the Creator's Update.

If you have an older version of Windows 10 you may not see this problem. If like me, you take delivery of a new computer with a fresh installation of the current version of Windows 10 you will see this problem.

If you do not use your Windows 10 device in a corporate environment you will not see this problem.

If, however, you use your computer connected to a corporate domain then you will experience it.

Information can be found on Microsoft's Feedback app where a Microsoft Technician named Anand N states,

"In the Windows 10 Anniversary Update, domain joined users who connected their Microsoft Account (MSA) could roam settings and data between Windows devices.  Many IT Pros told us that this functionality was not consistent with their policies for managing information owned by the organization. They did not want their PCs roaming to an individual’s personal cloud. A group policy to prevent users from connecting their MSAs did and does exist, but this setting also prevents users from easily accessing their personal Microsoft services.  To address IT Pro concerns, we removed the ability for domain joined machines to roam with an MSA.  Enterprises can still enable Enterprise State Roaming with Azure Active Directory."


In essence, Anand says Microsoft deliberately removed the ability to sync settings between Windows 10 computers for domain-joined machines in the Creator's Update.

Unsurprisingly, the response from those, like me, who spent time and effort trying to diagnose a problem - which should have been explained somewhere, at the very least on the Sync your Settings screen itself - is negative.

"Another example of a lazy decision by Microsoft, Some ITPro's support syncing for domain joined devices, why has Microsoft not made this a GPO setting that allows both use cases? We are getting very concerned about changes that Microsoft make that impact this operating system - Short Sighed Microsoft Engineers?"

"I don't understand how, in the world of BYOD and working from home, this could possibly be a good decision.By all means, as already stated, add the GP to enable/disable this feature, but to kill it completely, c'mon Microsoft! It's either roll back to 1607 or stop using Edge. In fairness, I preferred the whole sync desktop/favourites/settings and have used this feature since it was first introduced way back with Win 7 - or was it Vista....!"

"Fix the GPO and the behavior. I don't want ESR via AAD only."

"This is just ridiculous. If you're going to add this sort of block you have to make it easy to re-enable this. Requiring Azure AD is just silly. This is a hugely valuable feature for some folks."

"Reeks of a sleazy sales pitch for migrating to Azure AD instead of running in house DCs. Fix the behavior properly, don't cripple it entirely."

"This is fixing a problem with a sledge hammer instead of a simple switch.  Please create a GPO setting to control this behavior so that the many of us who rely on this synchronization can use it."

"So frustrating.  I really wish you would be a little more strategic about the changes you make to Windows.  There are many of us out here that depend on it for revenue."

"After spending hours trying figure this out I find it is a feature and not a bug. This will be the last straw for me with Edge. I will now welcome Chrome on all 10,000 devices in my network. People being able to get to their shortcuts is important in todays multi-device world. Microsoft needed to control this with GPO and document the issue."

"Stupid decision! Why not make the administrator the one that takes this decision instead of Microsoft! (I bet you broke this and can’t fix it – this really sounds like a bad excuse)"

"This has broken Edge for me.  I can't move my favorites from my old computer to my new computer without this feature.  At least I can sync my Chrome bookmarks."

"I don't understand why this can't be put into a GPO. I just spent 3+ hours troubleshooting this only to discover it's not a bug, but a feature! I WANT my users to be able to roam with MS Account...."

"I too object to this new behavior. I did a clean install on Creator's Edition to get rid of a lot of debris which had accumulated over the years. Now I am locked out of my MSA. This should have been a new policy which could be set by people with the right authority. Now I have to consider another complete clean install of Win 10 and then an update to Creators Edition. Please consider adding this as a policy, even if it defaults to the new behavior. Please advise."

And on and on. The comments all agree that Microsoft has made a change which has disrupted many workers who use Microsoft sync for many valid reasons. The change was not documented, not even in the very "Sync your Settings" screen, and certainly, Microsoft's own technicians are unaware of it.

What can you do? There are three options.

One is to abandon Microsoft Edge and stick with Google Chrome or Mozilla Firefox. After all, synchronisation works perfectly still within these apps.

Second, if you can, perform a clean install of Microsoft Windows 10 build 1607, set up your sync settings, then upgrade. Testing shows this feature successfully remains if you have it in place before upgrading to the Creator's Update.

Thirdly, export a registry key from an existing computer that still has this sync enabled if you have one.

Fortunately, I still have my previous laptop and this worked for me.

Using RegEdit, navigate to HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities. You should find your Microsoft account listed as an entry under this, and under that, the Security Identifier - or SID - for your domain-joined account. Export the entire Microsoft account registry branch under StoredIdentities.

Move this to your new computer, then import into your registry. Double-check your SID is correct, though provided you've signed in with the same Active Directory account, then it should be. You can confirm by browsing further down the registry under HKEY_USERS and noting the SID there.

Viola! Open Settings/Accounts/Sync your Settings again and this time it is all open, enabled and manageable. You will not be able to sync passwords until you verify your identity on the new computer but that's a trivial, and routine, exercise.

Oy vey! Thanks for nothing, Microsoft. 

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News