Microsoft Accounts
******************

.. contents::
   :local:

Overview
========

This document covers how to properly set up a Windows device using
**Microsoft Workplace Accounts** (also called "Work or School Accounts"). It is
important to understand the difference between **local/personal accounts** and
**workplace accounts**, and how mixing them can lead to issues—especially with
permissions and device management.

Key Points
----------

- The **first account created** during Windows setup will become the
  **administrator**.
- This first account **should be a Microsoft Workplace Account**, not a local or
  personal Microsoft account (e.g. one ending in @outlook.com).
- Mixing personal and work accounts can lead to issues with **permissions**,
  **app access**, and **authentication**.
- If the device was initially set up with a **local/personal account**, the
  **best fix is to reinstall Windows** and start over using a workplace account.

Creating a Workplace Admin Account
==================================

When setting up a new Windows device:

1. **During Windows Setup**, select **Set up for work or school**.
2. Sign in with a **Microsoft Workplace Account** (e.g. ``user@yourcompany.com``).
3. This first account will be granted **administrator** privileges automatically.

.. note::
   If you instead choose **Set up for personal use**, and sign in with a personal
   Microsoft account (e.g. ``user@outlook.com``), it will create a **personal
   profile**, which is not ideal for organizational control.

Adding Additional Administrators
================================

To give another user administrator rights:

1. Go to **Settings > Accounts > Other Users**.
2. Click **Add account**.
3. Enter the **workplace email address** of the user you want to add.
4. After adding them, select their account and click **Change account type**.
5. Choose **Administrator** from the drop-down menu and click **OK**.

Handling Incorrect Initial Setup
================================

If the first account created was a **local or personal Microsoft account**, the
device may have:

- Limited access to organizational resources
- Trouble with Microsoft 365 apps
- Issues joining or syncing with **Azure AD / Entra ID**
- Problems with remote management or software deployment

**Recommended Fix**:

The most reliable solution is to:

1. **Back up your data.**
2. **Reinstall Windows.**
3. During setup, choose **Set up for work or school** and use a workplace
   account for the initial login.

.. tip::
   Avoid using personal Microsoft accounts for any work machine. Even if later
   joined to the workplace, it can still cause subtle and persistent permission
   or policy issues.

.. note::
   This guidance applies to devices intended for **business use** under
   Microsoft 365, Entra ID, or Azure AD environments.