At Christmas, I bought two new computers and I am still setting up the first one because I am thinking about cybersecurity first. I know from past experience that the first principle that I want to follow is “least privilege.” I started to set up the Windows 10 Version 1903 Home license on the computer and it wanted to connect me to the Internet, which I did with the help of the WPS (Windows Protected Setup?) button on the Comcast Business router. The new computer has Windows Hello on it and, after one unsuccessful try, it worked and before I knew it I had a Microsoft Account and my only form of logon was Windows Hello. Soon after that I supplied it with a PIN, an email account and a password to go with the Microsoft Account email.
I have tried to remove the Administrator Account status from the Microsoft Account and failed. I found documentation/information online that says the Microsoft Account has to be an Administrator Account. Is that correct?
Next, I want to reduce the visibility of the Microsoft Account. I have changed the name to be somewhat less obvious but this name shows up when I mouse over the user avatar after one (left) click on the Windows logo in the lower left corner. Is there more that I can do to make this less visible?
With the help of a local Microsoft Store (yes, I have a physical Microsoft Store near me) I have recovered a Windows 10 Home to Windows 10 Pro Upgrade License from my previous PC, which I had bought at the same Microsoft Store. The old PC seems to have a motherboard problem that is not worth repairing. I have installed the Home to Pro upgrade on this new PC.
Before I go any further with this PC, I would like to decouple the Microsoft Account from the Windows Hello functionality so that I could use that functionality with a Standard Account of my own choice. So far, I have tried and failed. Is this impossible or have I missed something?
The next step after the above will be to set up a Guest account. I will write that message as soon as I finish this message.
