Comment by Aurornis
1 day ago
> The real issue is that you can't be sure that the keys aren't uploaded even if you opt out.
The fully security conscious option is to not link a Microsoft account at all.
I just did a Windows 11 install on a workstation (Windows mandatory for some software) and it was really easy to set up without a Microsoft account.
Last time I needed to install Windows 11, avoiding making a Microsoft account required (1) opening a command line to run `oobe/bypassnro`, and (2) skipping past the wifi config screen. While these are quick steps, neither of those is at all "easy", since they require a user to first know that it is an option in the first place.
And newer builds of Windows 11 are removing these methods, to force use of a Microsoft account. [0]
[0] https://www.windowslatest.com/2025/10/07/microsoft-confirms-...
It goes even deeper than this, because your account can be linked to a Microsoft account later, by logging into Microsoft services like Teams.
By selecting Domain Join, which is available on Professional edition and above.
> it was really easy to set up without a Microsoft account.
By "really easy" do you mean you had a checkbox? Or "really easy" in that there's a secret sequence of key presses at one point during setup? Or was it the domain join method?
Googling around, I'm not sure any of the methods could be described as "really easy" since it takes a lot of knowledge to do it.
I recently had to install Windows for the first time in ages because reasons, and it really wasn’t very hard. The setup really just presents two options at a time: the cloudy option, and the other option. If in doubt, the flashy one is the cloudy one. I kept selecting the non-cloudy option and got to the desktop without signing up for anything. Sure it took more clicking than last time I went through this, but really wasn’t nearly as bad as people say and didn’t take any Windows know-how or googling. Might be very different between editions and regions though…
Edit: ofc we all agree local accounts need to be a supported option, but perhaps we should be more careful about yelling from the rooftops that it’s practically impossible. I’ve been told for years now that it’s really hard or impossible, and it really was not that hard (yet…)
You're a bit vague here, but I'm 99% sure such options were not available when I installed Win 11 a few months ago.
Chastising people about "yelling" is not really an appropriate thing to say here.
And how do you know the keys are never uploaded if you don't have an account?
The same way you know that your browser session secrets, bank account information, crypto private keys, and other sensitive information is never uploaded. That is to say, you don't, really - you have to partially trust Microsoft and partially rely on folks that do black-box testing, network analysis, decompilation, and other investigative techniques on closed-source software.
Air gap the machine.