Microsoft has done us as users and itself a disservice. At work we are using email addresses in the form of Firstname.Lastname@onedomain.tld. They’re deemed the canonical form. Nothing unusual so far. Some of us, notably those who had something to do with Microsoft services such as MSDN subscriptions, already had an account with Microsoft to which said subscriptions were tied.

Then at some point our company started signing up to Office 365. That meant that the Active Directory accounts were now also tied to a Microsoft account, via the email addresses in their canonical form. But instead of doing the reasonable thing and letting users merge the preexisting Microsoft account with the newly established one of the same login name, Microsoft decided to do the unreasonable and automatically created a second Microsoft account using the exact same Firstname.Lastname@onedomain.tld login name. Not only was this done without user consent, it also caused plenty of issues as you can easily verify by doing a web search on the topic.

So suddenly we found ourselves with one account by the login name Firstname.Lastname@onedomain.tld which Microsoft decided to declare as “private” and another one by the identical login name Firstname.Lastname@onedomain.tld which Microsoft decided to declare as “work”. The latter was the one tied to the Active Directory. I’ll go by the names “private” and “work” account (in reality both accounts are exclusively used for stuff related to my work, which made the forced and uncalled-for split of the accounts especially frustrating) from now on to spare my readers a lot of confusion. To this day Microsoft doesn’t seem to offer a means of merging one account into the other. And indeed this would probably cause some additional confusion.

Now, some of the login forms offered for Microsoft services would actually – after you entered the login name – ask you if you meant to log into your “work” or “private” account. Others completely neglected the distinction, which caused a lot of annoyance and confusion, because sometimes it was outright impossible to log in with the correct account.

Recently our company changed login names for several Active Directory users to username@otherdomain.tld. The upside of which was that suddenly I had again two distinct login names: username@otherdomain.tld for the “work” account and Firstname.Lastname@onedomain.tld for the “private” account.

So all great?

Well, no. My company MSDN subscription was assigned to my “work” account up to that point. But for no reason whatsoever, other than that now there was only a single account with the login name Firstname.Lastname@onedomain.tld, I ended up with the MSDN account being reassigned to the “private” account. It does make some sense, actually, if you consider that the assignment of an MSDN subscription happens by assigning to an email address (in fact you can enter two addresses these days, one for sign-in purposes and one for notification emails). Now the way I logged in in the past to activate my MSDN subscription was evidently what caused it to be tied to the “work” account in the first place. But the fact that my “work” account no longer went under the old login name, but another account with that login name existed, caused the MSDN subscription to “switch over”.

No harm done in my case. But if you go by any rationale you can come up with – other than that it’d be an inconvenience for Microsoft to offer a path to merging two accounts – then such rationales suggest this would potentially be a security issue. The other account now has access to all the downloads and product keys.

And all because someone at Microsoft decided it’d be a good idea to allow two accounts with identical login names in the first place.

// Oliver
