Title

Use of Microsoft accounts to log on must be blocked. (Cat II impact)

Discussion

Control of logon credentials and the system must be maintained within the enterprise. Linking an account to an outside vendor could provide an opening if the account is compromised.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. (See "Performing Analysis with the Security Configuration and Analysis Snap-in" in the STIG Overview document.) Expand the Security Configuration and Analysis tree view. Navigate to Local Policies -> Security Options. If the value for "Accounts: Block Microsoft accounts" is not set to "Users can't add or log on with Microsoft accounts", this is a finding.

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "Accounts: Block Microsoft accounts" to "Users can't add or log on with Microsoft accounts".

Additional Identifiers

Rule ID: SV-48457r2_rule

Vulnerability ID: V-36771

Group Title: WN08-SO-000002

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.