 
				
Signing in to Windows 8 With a Windows Live ID
With Windows 8, Microsoft will introduce the optional capability to sign in to your PC with a Windows Live ID and, by doing so, gain the ability to roam a broad range of settings across all of your PCs.
"In Windows 8, we have set out to ensure that each PC user has a truly personal experience that seamlessly bridges their online and offline tasks, is simpler to set up and use, and persists across their set of Windows 8 PCs," Katie Frigon, the group program manager of the You-Centered Experience team (Microsoft), wrote on the company's blog.
Signing in with an ID allows you to:
- Associate the most commonly used Windows settings with your user account. Saved settings are available when you sign in to your account on any Windows 8 PC. Your PC will be set up just the way you are used to.
- Easily reacquire your Metro style apps on multiple Windows 8 PCs. The app's settings and last-used state persist across all your Windows 8 PCs.
- Save sign-in credentials for the different apps and websites you use and easily get back into them without having to enter credentials every time.
- Automatically sign in to apps and services that use Windows Live ID for authentication.
When you buy a Windows 8 PC and set up your user account for the first time, you can optionally choose to create an account that is associated with a Windows Live ID. You can either use an existing ID or create a new one. If you choose to create a new one, you can use any email address you want as your new ID, and then create your unique password. For example, you can use example@live.com or you can use someone@example.com. You just need to identify an email address that you want to have associated with the Windows Live ID service, and provide a unique password. Of course, you can also continue to use local Windows accounts as you always have and, obviously, domain-administered accounts work as they always have as well.
With Windows 8, Microsoft is also working to let you have your personal Windows experience on any Windows 8 PC you sign in to with your Windows Live ID. Settings such as your lock screen picture, desktop background, user tile, browser favorites and history, spell check dictionaries, Explorer settings, mouse settings, and accessibility settings, among many others, are now associated with your Windows 8 account and stored in the cloud. They are kept in sync and come down to each machine you use as they are changed or updated.
In addition, it will be easy to see which Metro style apps you've purchased and choose which ones you want to have on each of your Windows 8 PCs. By using your ID to sign in to Windows, the settings and state for your Metro style apps stay in sync between each PC you use.
Another benefit of signing in with a Windows Live ID is how Microsoft has simplified the need to sign in to multiple services and applications. This is accomplished in two ways. First, once you've signed in to Windows with your ID, you do not need to enter it again to sign in to any app or website that also uses Windows Live ID. For example, once you sign in to Windows with your ID, you can launch the Windows Chat app and start talking with your friends without the need to sign in again. Similarly, you can browse to your Hotmail inbox page without needing to enter your email address and password again. You can always sign out of a webpage and sign in as a different user, but by default you will be automatically signed in. To be clear, however, those applications and websites do not have special access to your Windows PC or your personal data.
Second, if you choose to, Windows can store separate Metro style app and web site credentials. Those credentials can then sync to each Windows 8 PC that you've trusted and verified yourself with. You won't have to type in your user name or password; just confirm your sign-in as needed. Similar to the Chat application example, when launching a Metro style application that uses this feature, you will be signed in automatically and the application will resume right where you left off.
If you choose to associate your local account with an ID, Microsoft has provided control over what you want to sync to each Windows 8 PC you use. In Control Panel, there is a section called "Sync PC Settings" where you can manually turn settings sync on or off.
You can choose to turn off all syncing or you can turn off syncing per the type of setting. The settings groups include:
- Personalize
- Themes
- Ease of access
- Language preferences
- Apps
- Web browser
- Other stuff
- Some passwords
In addition, you can also roam the desktop themes you use and create, including colors, sounds, and desktop background. (Note: currently, for the background image, Microsoft roams the original image that was selected if it's under 2MB. If the image is over 2MB, Windows compresses and crops the image to 1920x1200.)
It is also important that you maintain control of your data when work and personal start to mix. In Windows 8, when you link your Windows domain account to a Windows Live ID, Microsoft asks you up front (before data is synced) what data you want to sync between your domain-joined PC and other PCs you use with that ID. That way, you can decide if things like your web history, favorites, or credentials should sync to your work machine, or if you'd prefer to keep those or anything else that is synced only on your personal machines.
Microsoft also empowers IT administrators to control what a user can sync to a work PC through group policy. The company has given IT administrators control over whether a worker can link their domain account to an ID and, if the admin allows that link, what types of data the worker is allowed to sync.
Finally, it's important to note that credentials that are entered and stored on a domain-joined machine do not get uploaded to the cloud, and never get synced to your other PCs. This ensures that corporate credentials stay on the PCs that are managed by the IT admin.
When you associate your Windows user account with a Windows Live ID, there are three categories of data that are especially interesting from the privacy and security perspective:
- Your Windows Live ID user name and password
- Your Windows Live ID user profile
- The settings and data you choose to sync
Microsoft has taken measures to safeguard the ID and password you use to sign in to Windows. First, Microsoft will require a strong password (and you can't leave the password blank). Next, the company collects a secondary proof of your identity. This will allow Microsoft to establish "trust" with specific PCs that you use frequently or own. This in turn will also enable more secure syncing of private data like passwords. Collecting the secondary proof of your identity also helps make account recovery easier and more secure.
Signing in with a Windows Live ID also gives you much more control over your password, including your ability to recover a lost one. If you use a local account and you forget your password, you're in a tough spot, and your options are limited. You may be able to recover your password with a hint or a recovery key, but if neither of those works, you're generally left with having to rebuild your PC from scratch. However, if you sign in to your PC with your Windows Live ID and you later forget your password, you can reset your password from another PC by navigating to https://login.live.com and clicking on "forgot my password."
Windows Live ID also includes a number of different safety features to detect if your account is stolen, and it will change your account to a "compromised" state (limiting what it can do) until you can regain control of your account using the two-factor authentication features (secondary proofs) that you set up earlier. Importantly, you will still have full access to your PC, since your PC will allow you to log in with the password you had before your account was stolen - you just won't be able to use the services and applications that rely on this ID until you go through Microsoft's "recover my account" workflow online.
Microsoft added that Windows does not use any of your other profile data. Your profile data stored in the cloud is released to apps or websites that you allow to have that data. While any Metro style app can leverage Windows Live ID for their own sign-in authentication, they must always ask you first if you want to allow access to particular details from your profile.
As mentioned earlier, there are three categories of data that can be synced to your Windows 8 PCs when you sign in with your ID: 1) Windows settings, 2) App settings and data, and 3) credentials. This data is stored in the cloud so that it is available to you when you sign in to your various Windows 8 PCs. The size of the data we roam is minimal and we only enforce some limits on a per setting basis, for example, the file size for the lock screen image. None of this counts against your Windows Live storage quota. This data is also stored separately from your other Windows Live data, for example, what you store on SkyDrive.
In order to secure user data, we've taken several measures. First, we do not roam data over WWAN by default. Second, all user data is encrypted on the client before it is sent to the cloud. All data and settings that leave your PC are transmitted using SSL/TLS. The most sensitive information, like your credential information, is encrypted once based on your password and then encrypted again as it is sent across the Internet. The data stored is not available to other Microsoft services or third parties. Lastly, before the sensitive information can be accessed on a second Windows 8 PC for the first time, you must establish "trust" for that PC by providing further proof of your identity. This further proof can be done by providing Windows with a code sent to your mobile phone number or by following the instructions sent to an alternate email address.
Any of the data that is saved to the cloud via the roaming mechanism is only accessed by Windows for roaming.