This guide explains how to allow or deny app access to account info in Windows 10 and Windows 11. Managing account info permissions allows you to specify which apps have access to account info (or to disable them globally at the OS level for all accounts), including details from your Microsoft or Windows account, with the aim of protecting your personal data.

How to allow or deny OS and individual apps access to account info in Windows 10 and Windows 11

To see what apps already have access to your account info, as well as allow or deny access to your account information (including your name and profile picture) in Windows 10, use the following steps:

• Right-click on the Start button and click Settings
• Select Privacy
• Scroll to Account info in the sidebar to the left

• To allow or deny any app from accessing account info for all users on the current device, click the Change button under Allow access to account info on this device and then toggle Account info access to this device on or off (note, this option is only available to administrators)
• To change whether apps can access the account info for the currently signed-in account, change the toggle under Allow apps to access your account info to enable or disable access
• You can also toggle access to your Microsoft or Windows account info individually in the list of apps on this screen

The steps differ slightly for Windows 11 devices:

• Right-click on the Start button and click Settings
• Click on Privacy & security
• Scroll down to App permissions, and under that, click on Account info

• To allow or prevent all apps from accessing account info for all accounts on your device, toggle the Account info access option on or off (again, this option is only available as an administrator)
• To allow or prevent all apps from accessing the account info for the currently logged-in user account, toggle Let apps access your account info
• You can also toggle access to your Microsoft or Windows account info individually from the list of apps on this screen

By toggling apps individually, you can only allow certain apps to access your Windows account info, providing granular control.

How to use the Windows Registry Editor to configure account information permissions

You can also use the Windows Registry Editor to configure app access to account information for all user accounts on your device, or all apps under your own account. Note that it is best to use the Settings app whenever possible instead of the Registry Editor or Local Group Policy for ease of configuration and to avoid making mistakes.

• Open the Windows Registry Editor
• To configure app access to user information for all accounts, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation
• Double-click on the Value string and set its Value data to Allow or Deny

• To do this for only your account (that you are currently logged in with), change the Value string located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation instead (note, only works if account info access is enabled for all user accounts)

You will need to be logged in as an administrator to change the registry setting affecting all users’ accounts.

Using Local Group Policy to configure app access to account info for all accounts and apps

This method will disable app access to account info globally at the OS level (i.e., for all user accounts), and overrides using the Settings or Registry methods if they are configured. You must be logged in as an administrator to access Local Group Policy.

• Open the Windows Local Group Policy Editor
• Navigate to Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\App Privacy
• Locate Let Windows apps access account information in the list of Settings to the right and double-click on it

• Select Not configured for the default behavior of allowing app access for all accounts
• Select Enabled to customize the behavior using displayed options
• Once Enabled, to completely disable app access to account details for all accounts, select Force Deny as the Default for all apps

• Press OK to save the changes and close the dialog

Troubleshooting issues with Windows account info access settings

If the option to configure app access to your account info is grayed out in the Settings app, check that the option to enable account info access is enabled for all accounts, so that anyone using the device can control app access permissions. If setting app permissions is behaving unexpectedly, you should check that no Local Group Policy settings are configured for them, as these will always override those set in the Windows Registry or using the Settings app.

Note that some apps require access to your account information, and may not function without it. This is up to the app, and it’s up to you if you think their requirement is valid.

Understanding account info permissions and privacy in Windows

Your account info includes information like your username, email address, name, and account picture. This can come from either your Microsoft account, local account, or domain account in education or enterprise environments. This information can be optionally shared with apps for personalization or to sign in to them.

Electing not to share this information, either with all apps or specific apps, is often done for privacy reasons: users may not want to share the same information they have used to configure their Microsoft account with other parties.

While you’re prompted when this information is to be shared with third-party applications, you may want to periodically review it, or disable account information sharing globally to ensure no third-party app will ever be able to gain access to this information.

Managing and protecting user privacy in the enterprise

Managing user privacy is critical in enterprise environments, especially when privacy laws such as GDPR and CCPA are involved. Endpoint management by NinjaOne allows you to centrally configure all of your Windows 10 and Windows 11 devices, and monitor for suspicious activity that may indicate unintentional or malicious data sharing.