One of the new features in Windows 8 that was rumored before was the new user profile mechanism. Now we’ve seen it and experienced how it worked, the Building Windows 8 blog reveals more information about Windows Live in Windows 8 detailing something behind the scene that are important to know.
The reason behind this whole new approach is obvious, to address the challenge in today’s multi-user and multi-PC environment. And when thinking of synchronizing user profile to the cloud, integrating Windows Live with Windows 8 seems to be a no-brainer choice. And that allows you to:
- Associate the most commonly used Windows settings with your user account.
- Easily reacquire Metro Style apps on multiple Windows 8 PCs.
- Save sign-in credentials for the different apps and websites.
- Automatically sign in to apps and services that use Windows Live ID for authentication.
What about non-Metro apps and settings?
You still should be able to sync them as usual in a domain environment but not so much without a domain. Microsoft discourage using any tools that manually attempt to do this by mechanisms such as going through registry or copying around executables. However, with using the new Restore/Refresh tools, it’s possible to easily create an image and use that as a refresh point.
How does affect the user control in a domain environment?
User still have the control of their data. In particular,
In Windows 8, when you link your Windows domain account to a Windows Live ID, we ask you up front (before data is synced) what data you want to sync between your domain-joined PC and other PCs you use with that ID. That way, you can decide if things like your web history, favorites, or credentials should sync to your work machine, or if you’d prefer to keep those or anything else that is synced only on your personal machines.
And there will be a Group Policy setting for IT admins to control whether a user can link their live ID to an ID, and what types of data will be allowed to sync. It’s also worth noting that credentials that are entered and stored on a domain-joined machine do not get uploaded to the cloud, and never get sync’d to other PCs. Corporate credentials stay on the PC’s that are managed by the IT admins.
What types of data get sync’d to the cloud?
There are three types of data that can be sync’d to your Windows 8 PC when signing in with your Live ID, namely:
- Your Windows Live ID user name and password
- Your Windows Live ID user profile
- The settings and data you choose to sync
How secure it is?
Microsoft takes a few steps to make sure the mechanism used in Windows 8 is secure and private.
- You need a secondary proof of your identity to safeguard your Live ID.
- Only a small amount of data, first name, last name, and display name, are shared with Windows. Windows does not share any of other profile data.
- The profile data stored in the cloud is released to apps or websites that you allow to have that data.
- The data is stored separately from your other Windows Live data, i.e. Skydrive. Hence, none of them counts against your own Live storage quota.
Here is how the profile data is protected:
- No data roam over WWAN by default.
- All user data is encrypted on the client before it’s sent to the cloud.
- All data leaving your PC are transmitted through SSL/TLS.
- The most sensitive information is encrypted once based on the password and again as it’s sent across the Internet.
- The data stored is not available to other Microsoft services or 3rd party.
- Before the sensitive information can be accessed on a second Windows 8 PC for the first time, you must establish “trust” for that PC by providing further proof of your identity.
- The data saved to the cloud via the roaming mechanism is only accessible to Windows for roaming.