18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled'

Information

This policy setting determines whether cloud consumer account state content is allowed in all Windows experiences.

The recommended state for this setting is: Enabled

The use of consumer accounts in an enterprise managed environment is not good security practice as it could lead to possible data leakage.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Cloud Content\Turn off cloud consumer account state content

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template CloudContent.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).

Impact:

Users will not be able to use Microsoft consumer accounts on the system, and associated Windows experiences will instead present default fallback content.

See Also

https://workbench.cisecurity.org/benchmarks/17689

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1)

Plugin: Windows

Control ID: 5b750e902a6b2bdd436233fd5bdc571ae9d008521febd0f1709cadbe50dea34f