Adding work account to personal PC?

[randy_marsh]

Hi all,

 

Looking for some advice. For work, I have a desktop PC at my office that I use. When I WFH 1-2 days per week, I have a less powerful laptop (noticeably slower) that I use via a Thunderbolt 4 dock to connect with my existing home setup. My personal home setup consists of three monitors and a more powerful desktop PC (i7-14700K, 64GB RAM, Samsung 990 Pro 2TB, RTX 4060). Having to dock with my work laptop creates a lot of complexity and additional clutter given all the monitors and peripherals. What options are there for me to remove my laptop and dock and utilize my existing personal desktop... and are there reasons why I wouldn't want to do that?

 

Obviously, I don't want my work to be able to access my personal files or restrict admin access on my personal account. I was thinking there were may be two ways to approach this: either adding my work account as a separate login on the machine (login to my work M365 account only i.e. not linking work to my personal Microsoft account), or I could get another SSD and dual boot where I can have cleaner separation. My work utilizes OneDrive/SharePoint and only a few programs, so there isn't a heavy local storage component. I'm not sure what the implications are for other users on my machine by adding the work account as a login, and I'm not familiar with dual boot either. 

 

Overall, I would really value the reduced complexity of not using the laptop/dock at home, and I would benefit from the better computing resources, but I do not want to give access to my personal data or lose the ability to have admin rights on my personal PC. 

 

Interested to hear thoughts / what you've done in a prior situation, and if I am missing any considerations. I'm not sure what my IT department will allow but they've been flexible in the past. Thanks!

 

[whispous]

You're almost certainly contract bound to not sign in to any of your work accounts on any devices they've not approved in writing from the correct department.

[manikyath]

2 hours ago, randy_marsh said:

What options are there for me to remove my laptop and dock and utilize my existing personal desktop...

that depends entirely on what work will allow you to do.

 

but i'll already tell you that you're not gonna be able to add your work account to your personal computer without some very undesirable things happening, depending on the security policies in place.

[randy_marsh]

4 minutes ago, manikyath said:

but i'll already tell you that you're not gonna be able to add your work account to your personal computer without some very undesirable things happening, depending on the security policies in place.

Would a dual boot system allow me to get around this? A separate Windows install on a separate SDD - that way whatever policies, endpoint items, monitoring, bitlocker, would be contained to that drive while my personal SSD is free of any of that? I work at a small company (<25 employees) and we use an MSP, so I feel like I could argue for it?

 

Or am I wrong that even in that sort of configuration, undesirable things would happen to my experience when I boot into my personal accounts?

[whispous]

Just so you know, yes, certain 365 tenants can enroll a PC permanently to the organisation - as in, upon wiping the drive and reinstalling Windows, it will require a work account to log in again

[Kisai]

6 hours ago, randy_marsh said:

 

Obviously, I don't want my work to be able to access my personal files or restrict admin access on my personal account. I was thinking there were may be two ways to approach this: either adding my work account as a separate login on the machine (login to my work M365 account only i.e. not linking work to my personal Microsoft account), or I could get another SSD and dual boot where I can have cleaner separation. My work utilizes OneDrive/SharePoint and only a few programs, so there isn't a heavy local storage component. I'm not sure what the implications are for other users on my machine by adding the work account as a login, and I'm not familiar with dual boot either. 

 

Read your employment contract, because there are many reasons why you DO NOT WANT TO DO THIS.

 

1) Your work machine probably has a VPN setup to access office resources. You can not move this off the work machine without exposing the office to potential problems. If you connect to work via VPN, just stop now.

 

2) If your own office WFH is just office 365, and no other software, thus patches/drivers/software-updates to your machine aren't being pushed by IT, then yes, you can login to your office 365 account on your home computer. IT can see which machines you have activated, and as long as you aren't trying to use them simultaneously it doesn't violate the license, but IT might be annoyed or angered if you do this without telling them

 

For what it's worth, use a separate account on your PC if you're going to do this. Because the office license will be linked to whatever account you login with, which means you need to login to YOUR PC with YOUR OFFICE ACCOUNT, not your PC's user account. Doing so has consequences. The office license is linked to the PC's name. So YES, IT knows if you do this.

 

3) You might unintentionally sign over ownership of your PC to your IT department. This is why I would suggest not doing this unless your business only works with office 365. What will happen if your machine accidently gets "claimed" by the business's IT department is you will need to wipe your machine if you quit/fired, because the OS won't release the files owned by the terminated account.

 

It would be far less of a pain in the ass to just buy O365 yourself, and pass your documents back and forth over your local network or a USB drive. Sure you can login to your computer with your business account, but it's generally going to upset things on your computer that it's going to be hard to undo.

 

Which comes to a very obvious solution that I'm sure you might have thought of.

 

Use RDP. Just login to your business-provided computer from your desktop via RDP when it's on your local network. That will give you access to your business computer's software without that software ever running  on your own desktop. Just make sure you aren't sharing your drives with the RDP session. But this doesn't give you any of the local performance resources (Eg faster cpu/gpu, ram, etc)

 

Personally, the less frustrating solution is the RDP solution if you just want to use your monitors/keyboard. If you actually want to use the entire computer's resources, then the alternative is to ask IT to give you a better device to work from home.

 

[Lurking]

Talk to your IT and supervisor about approved options. 

 

Unapproved use of IT resources can be a security risk.  Or it can be seen as a security risk or theft. Fire-able offense. 

 

[Needfuldoer]

If your work laptop has VPN access to the office, ask the IT department to set you up so you can connect to your desk machine with Remote Desktop.