What I can’t understand is why Azure AD doesn’t have a stronger position in the consumer space. Authentication via Google, Apple, and even still Facebook are nearly always supported on customer-facing logins. I rarely see an option for Microsoft.
They have a commanding position in the enterprise. What’s keeping them from crossing those enterprise boundaries?
They were an early mover in this area twenty years ago with the original Hailstorm / .Net Passport which was skeptically received and wasn’t helped by some spectacular outages. Google and Facebook leveraged their apps and especially GMail - Apple had the leverage from their App Store to force everyone that mattered to at their service too.
Incidentally, a Microsoft Passport login still works on any site with today's "Login with Microsoft" ... and there are starting to be more along side "Login with Google" or "Login with Apple".
These days, a consumer + biz page login page can look like this:
There's almost no good reason to require emails/password rather than let users use their preferred IdP.
I think the reason it's less common is simply that indie devs assume everyone uses free Google Workspaces. This year we're seeing more Microsoft Logins. Perhaps one reason is that now Google Workspaces is no longer free and startups are realizing they can get actual Office with actual apps at the same per $6 to $12 per user cost. Then in turn, supporting that login.
Do enough people still use consumer Microsoft accounts? Except for myself, it has been a long time since I have encountered a hotmail address or live address or outlook address in the wild.
I've gotten career advice several times to get a GMail instead, because Microsoft was considered out of date and backward (not so much anymore).
There are lots of very popular Microsoft services for consumers including Xbox and Office 365. Combined, these have hundreds of millions of paid subscribers.
I'd expect this to grow now that Windows pushes more aggressively to use an MS account to login.
Plus, if this works as well as it does with the "corporate" AzureAD, it would be a better experience for users. Just "log on with your Windows account".
Not saying that's necessarily a good, thing, mind. Only that I expect support to broaden.
Anyone that uses Minecraft (edit: or Xbox) I'm sure it is only a matter of time until some middle manager stakes their promotion on merging it with github and/or linkedin.
Microsoft is the only company I deal with where I cannot reliably authenticate. I wish they'd just stop trying to run consumer accounts.
You can link your GitHub account to a Microsoft account and log in to Microsoft with your GitHub account, not sure if you can log in to GitHub with your Microsoft account tho.
How times have changed, I mostly hear Google being called backwards now for its view that customers are just beta testers you dispose of when your latest moonshot project doesn’t hit orbit.
Microsoft's support for multiple accounts is atrocious. I can easily have 5+ Google accounts that I switch between, moving between MS accounts is awful. Additionally MS's free consumer offerings are not competitive with Gmail/Drive IMO.
I'm not a fan of Google's solution either. With a device with multiple G accounts it’s always a guessing game when opening up a google doc which account it’ll choose.
This is a legacy setup that can no longer be created. Microsoft removed the option to use a custom domain for Microsoft accounts many years ago, but hasn't forced people to change.
However, your friend can get out of this scenario by following the instructions on this site:
They'll end up with <whatever_they_can_find>@outlook.com for their Microsoft account. When using Org services via a browser, you'll automatically use your Org account. When using consumer services, you'll automatically use your Microsoft account (assuming you've selected stay sign-in for both).
> This is a legacy setup that can no longer be created
Thank goodness for that!
> However, your friend can get out of this scenario by following the instructions on this site
Thanks for the tip, will try and walk him through this next time I'm with him.
> hey'll end up with <whatever_they_can_find>@outlook.com for their Microsoft account
I doubt they actually need/want access to the Microsoft account. They don't use this work email address for any consumer services, as far as I'm aware -although how could one tell what services it could be associated with?
I read an explanation from some Microsoft page or rep. that it had to do with making personal purchases in the Windows Store when you're signed in using your business account. IIRC the rationale was that the personal account could persist beyond your employment, so you wouldn't lose any purchases if you switched jobs.
If I indeed recall correctly, then that doesn't really make sense. Just force people to make a different, actual personal account, and have them use that.
> IIRC the rationale was that the personal account could persist beyond your employment, so you wouldn't lose any purchases if you switched jobs
Except if you lose access to the work email address by switching jobs, surely you're one forgotten password away from permantently losing access to the personal account too? It's linked to your _work_ email (only)...
Indeed. I've never understood this distinction. Either it's a business account, or it's a personal account. It's bad enough that people use their business mail to sign up for personal stuff, we don't need Microsoft to make it even worse.
Facebook and Google provide "Sign-in with Facebook/Google account" not because they do it out of goodwill, to only make it "easier" or "smoother" to login -- it obviously cost resources on their end to enable such features -- it helps them better identify users and then serve ads. And Google can be really aggressive -- try reddit or Quora.
Apple, on the other hand, tries to sell "login with Apple account" with a different approach: they advertise the "privacy" part of it and how you can hide your email address by using it's sign-in service. And they have a term where login with Apple must be enabled on an app and website if a company has an app on the app store and it supports any other third-party login. In other words, if Reddit supports login with Google on iPhone, it must also support login with Apple ID. This helped the adoption a lot.
For Microsoft, they are relatively late and small in the ad business (for now) so I guess they don't really care about getting more of your information via sign-in services. And they are not on this privacy bandwagon as Apple does. So they really have no incentive for this.
This is common in a lot of Seattle neighborhoods, but the custom doesn’t extend beyond the city limits. For the most part it just works, but when I’m in a car with someone not from the city I always need to inform the driver or they just expect right of way. I lived near one of these intersections and personally witnessed two collisions over ten years. Neither were serious. I think these intersections largely work as a custom, save for the people not already accustomed.
They have a commanding position in the enterprise. What’s keeping them from crossing those enterprise boundaries?