Microsoft Accounts vs Office 365 Accounts - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Friday, May 13, 2022

Microsoft Accounts vs Office 365 Accounts

 The most important thing about all kinds of confusing Microsoft account terms is that work and personal accounts are separate even though they can have the same login credentials. Both the accounts are completely different from each other. Just like you can sign up to Google and Amazon with the same email, they can also have the same email address.




Microsoft provides three main Identity services - Active Directory, Azure Active Directory and Microsoft Accounts.
thumbnail image 1 captioned Microsoft's three main Identity platformsMicrosoft's three main Identity platforms

Microsoft Account - Free

A Microsoft Account is the modern name given to the Identity system that provides authentication and authorization to Microsoft's consumer services. It's had other former names, like Microsoft Passport or a Microsoft Live Account and is sometimes referred to as a personal account. A Microsoft Account can be used to sign in to Outlook.com, Office subscriptions, Skype, OneDrive, XBox Live, Bing, the Microsoft Store, Windows and MSN:

thumbnail image 2 captioned Consumer services that use a Microsoft AccountConsumer services that use a Microsoft Account

Here are some common scenarios:

A Microsoft Account can be created with a new email address and mailbox at Outlook.com. You can even choose Hotmail.com as a valid domain name for this service.

A Microsoft Account can be created when you sign into a new Windows 10 computer for the first time.

A Microsoft Account can be used to sign into Microsoft 365 home plans such as Microsoft 365 Personal, for access to Office applications,  including the consumer version of OneDrive.

 

With a Microsoft Account, Microsoft controls and manages all of the configuration and settings of the Identity platform. It's designed to scale to a broad base of consumer users across the globe, all in the one system. So, you will have a conflict if you try and create a Microsoft Account with a username that has already been taken.

 

You don't need to create a new email account or use the outlook.com or hotmail.com domains for your new Microsoft Account. In fact, you can even use a Gmail address to register for a Microsoft Account: 

Microsoft Accounts

Microsoft Accounts interact with the majority of Microsoft’s consumer-focused products and then some and can be used to sign into Windows 8 and above. Microsoft lists services such as:
– XBox Live
– Skype
– One Drive
– Microsoft Store
– Outlook.com.

It also works with:
– MSDN subscriptions
– Visual Studio Subscriptions
– Azure Subscriptions
– Visual Studio Team Services

Creating a personal Microsoft account is free as well as providing access to the online version of Outlook email. If you have to use other office applications like word, excel, etc then all that will not be possible without an official account so need to create an office account. 

With outright purchase, you’ll know exactly how to work with Microsoft’s content. In addition, you can avail the service of an annual subscription upon purchase of Office 365. Office 365 with Microsoft offers two packages for a single or up to 6 individual users (which is called home). Office 365 is considered cheaper than outright Office. Office 365 has the option to log in online from anywhere and is easily accessible.

A personal account has the option of accessing a OneDrive which is easily done where your documents and important data can be stored online which is secure there. You can also pay separately for its storage expansion. If you have an Office 365 account, it has enough space where documents can be stored securely. Apart from this, OneDrive can be used from any internet-connected device.

Microsoft/Personal account is created for personal use. This account is user-oriented which helps sign in to Microsoft products and cloud services like Outlook, Messenger, OneDrive, MSN, Xbox Live, etc.



(Microsoft) Office 365 Account - Paid

The account you use in Office can be a new or existing Microsoft account, or an account assigned to you by your work or school. Many people have both types. Which one you use depends what you're trying to do, but in most cases you need an account to:

  • Install and activate Office   With many newer versions of Office, your account shows who the Office license belongs to. You use this account to sign in to Office on your devices.

  • Manage Office   Sign in to office.com anytime you need to install or reinstall Office, update your security settings, account profile, and if you have a subscription, your payment and billing information.

  • Access your email and other cloud services   You might also use this account to access your Outlook email, calendar, and contacts, or any files you saved to a Microsoft cloud-service such as OneDrive, Teams, or SharePoint.


If you have paid for a subscription to Office 365 either for personal use or as part of a school or work account, you will have an email and password to log into your Office 365 services. If the account is through school or work the email name will be set by an administrator.

As of April 21, 2020, the official branding of Microsoft's productivity suite has changed from Office 365 to just Microsoft 365. The new naming convention reflects Microsoft's strategy of providing a single complete productivity platform for its customers.



Office 365 accounts interact with most of Microsoft business-focused products like Skype For Business, Delve, One Drive for Business, SharePoint online, Power BI, etc.

Microsoft 365 Business

Microsoft 365 Business is designed for SMBs with 300 users or less. It’s comprised of:

  • The MS Office suite
  • 1TB of storage
  • Device management capabilities via Microsoft Intune
  • Basic data and app security

For specific product information, click here.

Microsoft 365 Enterprise

Microsoft 365 Enterprise was made for larger organizations that need stronger security and device management functionality. It’s broken up into three tiers:

  • F1 (for Firstline Workers)
    • Office 365 (minus Access)
    • Basic threat protection
  • E3 (Basic Tier)
    • Office 365
    • Basic threat protection
    • Office 365 Data Loss Prevention
  • E5 (Premium Tier)
    • Office 365
    • Advanced threat protection
    • Office 365 Data Loss Prevention
    • Audio conferencing/Phone system
    • Advanced compliance tools
    • Analytics tools

For specific product information, click here.

what is in microsoft office suite

Microsoft 365 Education

  • A1 (Basic)
    • A free, limited version of Office (for students and teachers) complete with all the essentials needed to enhance learning in the classroom
    • Basic information protection
  • A3 (Standard)
    • Everything in A1
    • Full access to Office desktop apps
    • Stronger information protection and security management tools
  • A5 (Premium)
    • Everything in A3
    • Advanced security tools
    • Advanced compliance tools
    • Analytics systems

For specific product information, click here.

Microsoft 365 Home

  • Personal
    • One person
    • 1TB of storage
    • Access to the latest Office apps
    • Seamless experience across screens
  •  Family
    • 2-6 people
    • 1TB of storage per person
    • Same apps and experience as the Personal plan
    • Premium safety features accessible via the mobile app

Microsoft offers three main packages for Workplaces: Business, Business Premium, or Business Essentials. All three provide access to the online version of Office. Businesses and Professionals provide premium applications so that the user can perform their tasks from the computer. They also provide the service of OneDrive where documents and important data can be protected. It is quite safe. That is, Onedrive can be used for both accounts. Also, installing files in SharePoint other than Onedrive is considered safer when you are doing business with more than one person. This allows the business to run in full swing. It enables all employees to access their files securely online which saves time.

The Work account is created by an organization within the azure Active Directory domain as an authentication and authorization platform. In addition to Azure Directory, Microsoft provides an identity platform. But you can make some changes according to you like adding your name in a custom key which is required for multi-factor authentication. Also Azure gives you the advantage of more tools like Powershell, AzureCLI and REST API, etc. With the help of these tools, you can monitor an event as well as focus on its safety.


A work or school account with Azure Active Directory

A work or school account is created by an organization using a business service that has Azure Active Directory as the authentication and authorization platform. This includes business plans for Microsoft 365 including Outlook Web Access and OneDrive for Business, Microsoft Intune and Windows 10 devices that are connected to your organization's Azure Active Directory domain, as well as Microsoft Azure resources.

With Azure Active Directory, Microsoft provides the identity platform as a service but you can modify some of the configuration and settings, such as adding your own custom domain name (to get @yourorg.com) or requiring multi-factor authentication. Your Azure Active Directory instance is available via the Azure Portal and other management tools like PowerShell, the Azure CLI and the REST API. And you can also monitor and investigate advanced security events with integration into tools like Azure Sentinel.



Interoperability

Lets look at some difference scenarios that might involve these two services together.

Synchronization

There is no synchronization of user account information between Microsoft Accounts and Azure Active Directory, like you can achieve with Active Directory and Azure Active Directory. This is due to the separation of that consumer versus business identity platform.

Guest accounts

Even though you can't synchronize Microsoft accounts into your Azure AD (or vice versa), you can invite someone as a guest user into Azure with their Microsoft Account email address. They'll appear in your directory with Microsoft Account listed at the source and you won't be able to perform any user administration on their account such as renaming them or resetting their password. This is useful though for inviting external people to collaborate and is the method behind the scenes if someone's Microsoft Account is invited to be a guest in Microsoft 365 services like Teams.

Azure AD B2C

In addition, Microsoft provides a service called Azure Active Directory B2C which DOES support using Microsoft Accounts as an authentication source for access to your applications, as well as other consumer identity directories like Facebook, Twitter, Google, Amazon and OIDC compliant business and government identity providers. For more information, visit What is Azure Active Directory B2C?

thumbnail image 7 captioned Azure Active Directory B2C allows consumer and OIDC identities to be authentication sources for Azure.Azure Active Directory B2C allows consumer and OIDC identities to be authentication sources for Azure.

Difference between Microsoft Account and Office 365 Account



Here’s a quick overview.

microsoftaccountlogoMicrosoft office365logo3

Email address

– Your primary address Yahoo! or Gmail,
or
– Hotmail (msn.com, live.com)
or
– Outlook.com

– Your primary address (Work or school email address)
or
– onmicrosoft.com


Used for

– Log into Windows
– Log into Outlook.comOutlook.com, Hotmail, Office, OneDrive, Skype, Xbox,

– Log into Office 365 hosted Exchange mailbox
– Log into Office 365 Sharepoint / Lync

Office subscription

Office 365 Home

Office 365 ProPlus

Online files

OneDrive personal

OneDrive

Comparison Table Between Microsoft Personal and Work Account

Parameters of Comparison Microsoft Personal Work Account
DomainA personal account does not come with the domain. There is a domain name in the work account.
Purpose     Microsoft Personal Account is used for personal choresMicrosoft Work Account is provided by the employer for employment purposes.
FeaturesIt gives you access to the online version of Outlook for your email and Onedrive.The work account provides Office 365 package
CostA personal account is created by you free of cost.The employer pays for your Work Account and buys the Active directory which comes with the custom domain as well
ExpirationYou can use this one continuously.Work Account changes with the change of employer.


Azure Account VS Microsoft Account

Microsoft Online business services, such as Microsoft 365 or Microsoft Azure, require Azure AD for sign-in activities and to help with identity protection. If you subscribe to any Microsoft Online business service, you automatically get Azure AD with access to all the free features.

When a user signs up for a Microsoft cloud service, a new Azure AD tenant is created and the user is made a member of the Global Administrator role. 

All of your users have a single home directory for authentication. Your users can also be guests in other directories. You can see both the home and guest directories for each user in Azure AD.

Microsoft 365 and Azure use the Azure AD service to manage users and subscriptions. The Azure directory is like a container in which you can group users and subscriptions. To use the same user accounts for your Azure and Microsoft 365 subscriptions, you need to make sure that the Azure subscriptions are created in the same directory as the Microsoft 365 subscriptions. Keep in mind the following points:

  • A subscription gets created under a directory
  • Users belong to directories
  • A subscription lands in the directory of the user who creates the subscription. So your Microsoft 365 subscription is tied to the same account as your Azure subscription.
  • Azure subscriptions are owned by individual users in the directory
  • Microsoft 365 subscriptions are owned by the directory itself. Users with the right permissions within the directory can manage these subscriptions.

Screenshot that shows the relationship of the directory, users, and subscriptions.


If you're Azure subscriber, you can use your Azure account to sign up for a Microsoft 365 subscription. If you're part of an organization that has an Azure subscription, you can create Microsoft 365 subscriptions for users in your existing Azure Active Directory (Azure AD). Sign up for Microsoft 365 using an account that has Global Admin or Billing Admin permissions in your Azure Active Directory tenant.




No comments:

Post a Comment