I have Microsoft accounts for work, my admin credentials at work, my side gig, and my personal. You can not share passwords and still be incredibly frustrated at Microsoft’s stupid refusal to put a “Switch User” link on the login form which autopopulates based on cookies. Otherwise I gotta go find a Microsoft page, log in, log OUT, and then go try my original log in again. This is painful if you’re constantly switching accounts, as Zero Trust requires admins to do.
I’m familiar, and I said nothing about any of that other than that I understood the frustration.
That’s also not the situation of the person I replied to. They thought the correct way to sub for someone in a meeting was to share credentials and log in as the other person.
I was calling out that abysmally bad idea, and providing a work around.
To your point, you also shouldn’t be mixing use cases of your devices. You don’t want to end up in some legal shit, or in a data exfiltration investigation.
My personal desktop (and personal laptop when I still used one besides my work one) was a local account, signed into my personal Microsoft account via the browser. That could also work directly signed into the personal account instead of using a local account.
All work stuff stays on work provided hardware, or on a VM. I even spin up a light VM to just open a VPN session so I can remote into work resources. If I had multiple gigs, I’d make separate VMs for them. Personal Microsoft account never fucking touches these.
For elevated access accounts for work: separate browser, separate browser profile, or private browsing mode. Most admin work in Entra is through web portals (or PowerShell).
I still can end up with minor issues from stuff like needing to use my admin Entra/Azure account to log into the Microsoft Graph PowerShell module, so I end up with two entries in the Entra logon page on the work devices sometimes, but I just select the correct account if I get prompted. If it doesn’t, log out of that specific system/program and select the correct account (which I’m logged into the work machine as). Loss of a few seconds, not this massive issue.
it wasn’t my idea, it was the only option provided to me. i didn’t have a work email there yet as i just started working, and it’s work with children - seeing their teacher’s name pop up and then someone introducing themselves as a substitute is fine, but seeing some guy join in with a random email and name you never heard of would be alarming to the parents
> you also shouldn’t be mixing use cases of your devices
> All work stuff stays on work provided hardware, or on a VM.
Are you, like, new to the concept of real life?
Those are laudable idealist propositions that not even high-security global corporations always follow to a tee. Some places refuse to provide hardware, demand work account stuff configured in personal devices, and still go out of their way to ban VMs and VPNs. Sometimes you are lucky if the intranet has a reverse proxy.
I’ve never seen someone defend Microsoft’s stupid decision-making so hard.
For fuck’s sake. Where did I do anything to defend this shit?
I said I understood the guy’s frustration, called out a bad choice, and offered alternatives.
Then I explained that I did that, and offered more alternative solutions to work around the issue.
How the fuck do you see that much work to keep identities separate and get “I <3 Microsoft”?
Usually “you might have to adapt this shit to your personal situation” is implied.