6e815a39-7aa8-42e4-88d3-1778dfe85333
Although Microsoft accounts are password-protected, they also have the potential of greater exposure outside of the enterprise. Additionally, if the owner of a Microsoft account is not easily distinguishable, auditing and forensics become more difficult. It is best practice to disable "Add and Login for Microsoft account" in enterprise or secure environments.
To fix this configure the policy value for:
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Accounts: Block Microsoft accounts Set [Users can't add or log on with Microsoft accounts]
https://www.tenforums.com/tutorials/97556-allow-block-microsoft-accounts-windows-10-a.html
STIG: Desktop: https://www.stigviewer.com/stig/windows_8_8.1/2015-06-16/finding/V-36771
Nist 800-53: AC-2(1),
CSCv7: v16.2
CIS v7: v16.2 Configure Centralized Point of Authentication
CSI v8: v5.6
IAIA-1