I rebuilt my basement PC recently and, doing a fresh install of Windows 10 v1809, decided to give the out-of-box Microsoft Account experience a try. It was pretty slick to not have to type my long, machine-generated password, and just acknowledge a security prompt on my Microsoft Authenticator app, and set up a nice PIN for ease of use within my home.

Upstairs on my couch, however, I found that I could not log in with Remote Desktop and my long, machine-generated password. I tried several variations on my Microsoft Account’s true [email protected], the mnemonic MicrosoftAccount\[email protected], the local short name alias myuse, with my PIN, with my long, machine-generated password, and with a null password, and got nowhere. Just this in the Windows Security Log:

Windows Security log event 4625, unknown user name or bad password.

Finally, it struck me: Other than querying Microsoft directly, how would my new installation of Windows ever have known the long, machine-generated password that I had never typed on it? A single local logon with password is all it took, and I was back in business.

A follow-up line of thought I’ll explore some other time: What will happen if I change my Microsoft Account password elsewhere than on my PC? Will it invalidate the RDP password? The PIN?
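The event 4625 entries mentioned above carry more detail than the one-line summary shows. The following is an added example, not part of the original post: it lists recent failed logons with their logon type and failure sub-status, and assumes an elevated PowerShell session on the target PC and a one-hour look-back window.

```powershell
# Added example: summarize failed logons (event 4625) from the local Security log.
# Assumptions: elevated session on the machine being logged on to; last hour only.

# Well-known NTSTATUS codes found in the SubStatus field of event 4625.
$Reason = @{
    '0xc0000064' = 'User name does not exist'
    '0xc000006a' = 'User name is correct but the password is wrong'
    '0xc000006d' = 'Bad user name or authentication information'
    '0xc000015b' = 'User has not been granted the requested logon type'
    '0xc0000234' = 'Account is locked out'
}

# Logon types relevant to Remote Desktop troubleshooting.
# With Network Level Authentication, a failed RDP attempt is typically
# recorded as type 3 (Network) rather than type 10 (RemoteInteractive).
$LogonType = @{
    '2'  = 'Interactive'
    '3'  = 'Network'
    '7'  = 'Unlock'
    '10' = 'RemoteInteractive'
}

$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-1)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields from the XML form of the record.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }

        $type = "$($data['LogonType'])"
        $sub  = "$($data['SubStatus'])"

        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = if ($LogonType.ContainsKey($type)) { $LogonType[$type] } else { $type }
            Source    = $data['IpAddress']
            SubStatus = $sub
            Reason    = if ($Reason.ContainsKey($sub)) { $Reason[$sub] } else { 'Other (see Status field)' }
        }
    } |
    Format-Table -AutoSize
```

The `Reason` column separates a user name Windows could not resolve from a recognized account with a password it could not validate, a distinction the generic "unknown user name or bad password" text hides.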