In today’s Ask the Admin, I’ll explain what a trusted PC is and how to verify your identity in Windows 10.
Windows 8 really wanted you to sign in with a Microsoft account and required you to Trust this PC before you could experience all the benefits of logging in with a Microsoft account, such as having your passwords synchronize to the local device from the cloud. From a security standpoint, this makes a lot of sense because it’s easy for cloud-based accounts, without two-factor authentication (2FA) enabled, to be compromised, so Microsoft requires you to verify your identity before the device is trusted.
2FA adds a second ‘factor’ in addition to your password, such as something you have like a smartcard or virtual token. Smartphone apps can also provide a second factor, making 2FA easier for businesses and consumers to implement. Microsoft has its own authenticator app – Microsoft Authenticator – which you can download from here for Windows devices, and it’s also available on Android and iOS.
For more information on using 2FA with a Microsoft account, see What Is Multi-Factor Authentication and How Does It Work? and How To Set Up Two-Factor Authentication for a Microsoft Account on the Petri IT Knowledgebase.
Verify Your Identity in Windows 10
Windows 10 has done away with the terminology of Trust this Device, and replaced it with verify your identity. To verify your identity in Windows 10, you’ll need to confirm a challenge/response code either via an alternate email address, or phone by SMS or call. In Windows 10, if you have 2FA set up on your Microsoft account, the device will be trusted automatically without any additional steps.
To verify your identity in Windows 10:
- Open the Settings app from the Start menu.
- Click Accounts in the Settings app.
- On the Your info screen, if your identity needs to be identified on the PC, you’ll see the option to Verify identity on the right.
- Follow the on-screen instructions to confirm your identity.
Only once your identity is verified will the PC be trusted.
I don’t recommend signing in to devices that you don’t own. And beware that if you must link a local account to a Microsoft account on a device that isn’t yours, there’s no way to opt out of trusting the device if 2FA is enabled on the Microsoft account.