Discussion in 'AntiVirus, Firewalls and System Security' started by Winterknell, Mar 20, 2019.

    I started work at a place last year as IT Manager and was assigned a new Win10 Home laptop to use for work. I sign onto the laptop using a local account, and I access all work-related Microsoft Office applications using my work email, which has its own Microsoft Office subscription via Active Directory. The machine login is a local account because Microsoft wouldn't accept my work email to create a Microsoft account, I didn't want to proliferate extra accounts, and when/if I leave the job this machine may pass to someone else.

    Recently I bought a new Win10 Professional laptop for my own use, and I used my personal, non-work-related email to sign onto that. My personal email has its own, separate Microsoft Office subscription.

    Let me be very clear, these two email addresses have separate Microsoft Office subscriptions and of the two machines, one is owned by my work and the other by me. They are separate worlds. I signed into Outlook on the personal machine using both addresses for my own convenience and I suspect that when I did this Microsoft unilaterally decided to combine the two machines.

    While setting up the new machine I noticed that it was using my work wallpaper, but I thought nothing much of it at the time ("that's freaky", but I was busy setting up my new toy). Later I added a selection of new wallpaper to the personal machine and then today I noticed that Windows is now using some of those images as wallpaper on my work machine. Obviously there is some unasked-for sharing going on. I went in to disable sync and noticed, first, that under "Your Info" Windows has now assigned my personal email as the email address for the work machine (this is probably how the wallpaper is getting through), and second, that under "Sync your settings" the option is Off but, additionally, is flagged in yellow text "Sync is not available for your account. Contact your system administrator to resolve this."

    Well, guys, I am the system administrator, with control of my employer's Active Directory and Azure environments, and I have no idea how to resolve this. The likeliest option seems to be to create an otherwise useless Microsoft account, but now that Microsoft has crossed the streams there seems no easy way to substitute that account for my personal email on the work machine without performing a factory reset.

    My concerns are:

    1. Privacy - my employer deals with sensitive client information; my personal machine, not so much. This junction creates a security hole that might leak personally identifying information of clients should my personal laptop get stolen. I can remove my work email from Outlook on the personal machine, but I suspect that the damage is already done.
    2. Propriety - my wallpaper selections for my personal laptop were made for my own pleasure; some are not appropriate for the workplace, so now I have to worry about having inappropriate wallpaper pop up on my work laptop because of unwanted sharing I did not choose and cannot prevent.
    3. Risk - whoever gets onto this machine potentially has access to my personal Microsoft account, with all the dangers that implies; and by the same token, if they get onto my personal machine, this machine too is at risk.

    So. What should I do? How do I fix this without spending hours on the support line, paying Microsoft to unravel a mess they created?


