Ask a new question

Windows shouldn't be syncing across work and personal devices

I started work at a place last year as IT Manager and was assigned a new Win10 Home laptop to use for work. I sign onto the laptop using a local account, and I access all work-related Microsoft Office applications using my work email, which has its own Microsoft Office subscription [edited to add: technically the work account has its own Office license, as my employer has maintains a company subscription] via ActiveDirectory. The machine login is a local account because Microsoft wouldn't accept my work email to create a Microsoft account, I didn't want to proliferate extra accounts, and when/if I leave the job this machine may pass to someone else.

Recently I bought a new Win10 Professional laptop for my own use, and I used my personal, non-work-related email to sign onto that. My personal email has its own, separate Microsoft Office subscription.

Let me be very clear, these two email addresses have separate Microsoft Office subscriptions and of the two machines, one is owned by my work and the other by me. They are separate worlds. I signed into Outlook on the personal machine using both addresses for my own convenience and I suspect that when I did this Microsoft unilaterally decided to combine the two machines.

While setting up the new machine I noticed that it was using my work wallpaper, but I thought nothing much of it at the time ("that's freaky", but I was busy setting up my new toy). Later I added a selection of new wallpaper to the personal machine and then today I noticed that Windows is now using some of those images as wallpaper on my work machine. Obviously there is some unasked-for sharing going on. I went in to disable sync and noticed, first, that under "Your Info" Windows has now assigned my personal email as the email address for the work machine (this is probably how the wallpaper is getting through), and second, that under "Sync your settings" the option is Off but, additionally, is flagged in yellow text "Sync is not available for your account. Contact your system administrator to resolve this."

Well, guys, I am the system administrator, with control of my employer's ActiveDirectory and Azure environments, and I have no idea how to resolve this. The likeliest option seems to be to create an otherwise useless Microsoft account, but now that Microsoft has crossed the streams there seems no easy way to substitute that account for my personal email on the work machine without performing a factory reset.

My concerns are

  1. Privacy - my employer deals with sensitive client information; my personal machine, not so much. This junction creates a security hole that might leak personally identifying information of clients should my personal laptop get stolen. I can remove my work email from Outlook on the personal machine, but I suspect that the damage is already done.
  2. Propriety - my wallpaper selections for my personal laptop were made for my own pleasure; some are not appropriate for the workplace, so now I have to worry about having inappropriate wallpaper pop up on my work laptop because of unwanted sharing I did not choose and cannot prevent.
  3. Risk - whoever gets onto this machine potentially has access to my personal Microsoft account, with all the dangers that implies; and by the same token, if they get onto my personal machine, this machine too is at risk.

So. What should I do? How do I fix this without spending hours on the support line, paying Microsoft to unravel a mess they created?

Hi WinterKnell,

 

Thank you for writing to Microsoft Community Forums.

 

When Sync settings is turned on, Windows syncs the settings you choose across all your Windows 10 devices that you've signed in to with your Microsoft account.

 

You can also sync your settings for a work account if it’s allowed by your organization. For more info about how Azure Active Directory and Enterprise State Roaming work to synchronize user and app settings to the cloud, refer Enterprise State Roaming overview.

 

To find Sync settings, select the Start button, then select Settings > Accounts > Sync your settings.

 

To stop syncing your settings and remove them from the cloud, turn off synced settings on all the devices connected to your Microsoft account, and then go to the Devices page, select More actions for the device you want to manage, and then select Remove cloud backup of personal settings.

 

Choose from settings such as language preferences, passwords, and color themes. If you turn on Other Windows settings, Windows also syncs some device settings (for things like printers and mouse options), File Explorer settings, and notification preferences. For a complete list of settings that Windows can sync, see Windows 10 roaming settings reference.

 

You can also try go to Settings > Account page > Access work or school > Select the Office account and click on Disconnect.

 

 

Hope it helps.

 

Muralidhar

Microsoft Community Moderator

2 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I cannot mark this response as resolving my issue, as all of the advice was demonstrably irrelevant. I had already done all but one of these steps. Syncing was, already, supposedly, OFF. I didn't even have the option to enable it. I draw your attention to my original post where I stated 'under "Sync your settings" the option is Off but, additionally, is flagged in yellow text "Sync is not available for your account. Contact your system administrator to resolve this."' Oh, and BTW, SYnc is off and the yellow "Sync is not available for your acount" message shows up on both laptops. Interesting. Who is the system administrator for my personal laptop anyway? In setting up the personal laptop I did not identify it as a device I wanted my organisation to manage.

I had already done everything you suggested, up to the very last paragraph where you said "You can also try go to Settings > Account page > Access work or school > Select the Office account and click on Disconnect." This advice too is irrelevant as under "Access work or school", the only email listed is my work address - which is in fact the only correct address for my work machine and therefore not to be disconnected.

The issue is the unasked-for insertion of my personal email account under "Your info" where it displays my local login account for the device, my personal email, and "Administrator". The arbitrary linking of my personal email to this work device, with no apparent way to remove it, is the core issue.

Further steps taken since OP: yesterday I removed my work account from Outlook on my personal machine. This afternoon, prior to coming here, I also found and severed the work machine from the list of devices showing on my personal email's Microsoft account (I had not placed it there), and I also removed my personal OneDrive from the work machine. However, when I logged into the work machine after doing this my personal email is still showing on Settings > Your info, even after rebooting. It shouldn't be there, I didn't put it there, and there seems to be no way for me to remove it.

The wallpaper hasn't changed again, so it's possible that at least removing the work machine from my list of devices has plugged some of the unwanted leakage of information across devices. However since the existing wallpaper is an image that was made and saved on my personal laptop using non-Microsoft software and never expressly uploaded to Microsoft nor placed in a folder that Microsoft has any right to finger through (it never touched OneDrive or any folder under Users, for example), the fact that the image made it onto my work laptop is still very concerning. Somehow that image made its way from one laptop to another via Microsoft's servers. The personal laptop has never left my house since it was delivered here, so at the very least some of my home bandwidth was consumed in illicitly uploading that data. I have no faith that it was the only data "synced", nor that the data was deleted after it reached Microsoft. I can always hope that it went no further than your Sydney servers.

13 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I have a several stand alone  windows 10 home devices and I occasionally get this kind of message while attempting to access certain files on my device, even if I'm logged in as the built in Administrator (SID 500) which is part of the Administrators group....

"XYZ" is not available, Or you have been denied access to "ABC" by your System Administrator Contact your system administrator to resolve this."

I would also like to know who this mystery "System Administrator" is. Has NT Authority on my devices been hacked?  Something creepy is going on with Microsoft. These canned, vague non answers really suggests a dark side to Microsoft which is getting harder and and harder for them to hide.

2 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated April 22, 2024 Views 2,628 Applies to: