We are using Office 365 Cloud services for at least 5 years and the benefits is no way close to compare managing your own services e.g. Active Directory (AD), Exchange Server, SharePoint and File Server.
My Office 365 users are more secure thanks to the Multi-Factor Authentication feature, where you can use your smart phone to receive a six pin codes to complete your identification and authentication process.
The latest version of Windows 10 Pro, also give you the option to login using your username and password you use with Office 365 or other business services from Microsoft e.g. Outlook.com, XBOX, etc.
You still have an option to configure your workstation using the Active Directory. You will be able to see “Domain join instead” on the lower right corner of the screen.
For this example, I will use my Office 365 username and password to setup my workstation.
I enter my Office 365 username e.g. email address firstname.lastname@example.org, click Next to continue. The next page is to enter my password. I have Multi-Factor Authentication enabled, so the setup also ask to verify my account. I enter my six pin codes to proceed.
The next screen is to choose privacy settings for your devices. By default, all of them are set to ON, so I change the setup a little bit as follow. Of course, you can turn them OFF if you want.
- Location is ON. I only le
- Diagnostics is FULL.
- Relevant Ads is OFF.
- Speech Recognition is ON
- Tailored experiences with diagnostic data is ON for now.
Click “Accept” to continue.
The next page is for Support and Protection, to configure your support, protection and communication preferences. Enter your Name, Region and Email address. Click on Next.
The next page is to confirm. I leave them “checked” for now. I don’t know what subscription
- Checked. My information is correct.
- Checked. Use my information to register my security subscription, receive subscription expiration email reminders and a digital subscription key car to protect multiple devices.
The next page will requires Windows Hello. The explanation is a password can be easily stolen. Windows Hello provides you with a combination of two-factors – your device plus biometric or a PIN instead of a password to sign in to your device, apps or services.
I’m setting this up for a user, so I selected creating a PIN. After verification click Next. Enter your PIN for example 201708. Click Next. Click OK to finish.
Before doing anything on this workstation. I run the Windows Defender Security Center formerly known as Windows Defender, the improvement it is easy to manage. Your Virus and Threat Protection, Windows Update, Firewall and Network Protection, Apps and Browser control in one location. It’s an excellent improvement to manage your workstation security and updates.
NOTE: The first account that you created is by default the “Administrator” of this computer. For backup, create a local admin account. For example, a local user as “queadmin” and add to the “Administrators” group.
Then create a new account for your “standard or normal” user. The purpose is to separate the standard user to administrator. This will prevent malicious codes to automatically run and install on this computer. Better security.
I hope this will help you secure your workstation, and no dependency to Active Directory.
Update: August 30, 2017. The first email address I used became the default administrator. When I created a backup administrator, I can’t use this account when I tried to install a program to my laptop. Though the first email is working ok. Searching for answers.