The Global Device Identifier, or GDID, is a hidden identifier that Microsoft assigns to a Windows device. It is not a hardware serial number or a marketing feature; it is a unique, account-linked identifier that Windows generates when a device signs in to a Microsoft Account. It became publicly known in July 2026, when it appeared in a federal criminal case, and because Microsoft does not document it prominently, most of what is publicly understood about it comes from that case and from security researchers.
The short version: the Global Device Identifier is a unique string tied to your Microsoft Account and your Windows installation, and Microsoft uses it for routine purposes like diagnostics, analytics, and abuse detection. This piece explains what the GDID is, how it works, how it came to light, and what Microsoft uses it for. For related background on device identity, see our coverage of zero-trust security and endpoint security.
What the Global Device Identifier is
Technically, the GDID is a Microsoft Account "Device PUID," a 64-bit Passport Unique ID that Windows assigns to an installation when that installation registers with a Microsoft Account. In plainer terms, when you sign a Windows device into your Microsoft Account, Microsoft records a unique identifier for that specific installation and ties it into your account.
Two details set it apart from a simple hardware fingerprint. It lives in Microsoft’s account device graph, the system that tracks which devices belong to which account, and it is tied to the installation rather than the raw hardware. A full wipe and clean reinstall of Windows produces a new GDID, so the identifier is created and maintained by the software and the account relationship rather than read off unchanging components.
How it works
The GDID exists because your device is registered into the Microsoft Account device graph, and Microsoft’s Connected Devices Platform keeps it synced so your devices can recognize and work with one another. That syncing is part of ordinary Windows functionality, the same machinery that lets your devices share a clipboard or hand off tasks. The identifier is a byproduct of that connected-account model.
Because it is tied to the installation and the account, the GDID is stable over the life of a Windows install but is not permanent in the way a hardware serial is. Reinstalling Windows resets it to a new value.
How it became public: the Scattered Spider case
The GDID was not a feature Microsoft announced. It became widely known in July 2026 through a criminal case tied to Scattered Spider, an extortion and hacking group. According to reporting on the case, investigators identified an alleged member after Microsoft shared device telemetry with the FBI, and the GDID was used to correlate the suspect’s activity.
The court filings described a range of detail associated with the device, including web activity, videogame history, IP address history, tool usage, and cloud service status, stamped with timestamps and provided by Microsoft. The individual has been accused, not convicted, and the specifics belong to an ongoing legal process. The case is relevant here mainly because it is how the identifier became publicly documented.
What Microsoft uses it for
The GDID has several routine uses. It supports diagnostics and crash reporting, so a fault can be traced to the device that produced it. It supports feature-usage analysis, which helps Microsoft see how Windows is used. And it helps detect abuse, such as a single machine repeatedly claiming free trials or licenses.
It also plays a role in account security. A login from an unfamiliar device paired with a known identifier is a signal that helps platforms flag compromised accounts and fraud. In that sense the GDID is a general-purpose device identifier rather than a single-purpose tool.
In short, the Global Device Identifier is a persistent, account-linked identifier that Windows uses to recognize a device, and much of what is publicly known about it comes from its appearance in the 2026 Scattered Spider case.
Frequently Asked Questions
What is the Global Device Identifier (GDID)?
The GDID is a unique identifier Microsoft assigns to a Windows device, technically a Microsoft Account “Device PUID,” a 64-bit ID created when a Windows installation registers with a Microsoft Account. It is tied to your account through Microsoft’s device graph and kept synced across your devices, and Microsoft uses it for diagnostics, analytics, and abuse detection.
How did the GDID become public?
It became widely known in July 2026 through a criminal case involving the Scattered Spider hacking group. Reporting on the case described how investigators identified an alleged member after Microsoft shared device telemetry, including the GDID, with the FBI. The individual has been accused, not convicted.
Is the GDID the same as a hardware serial number?
No. Unlike a hardware serial number, the GDID is tied to your Windows installation and Microsoft Account rather than to fixed components. A full wipe and clean reinstall of Windows produces a new GDID, so it is created and maintained by the software and the account relationship, not read off unchanging hardware.
What does Microsoft use the GDID for?
Its routine uses include diagnostics and crash reporting, feature-usage analysis, and detecting abuse such as one machine repeatedly claiming free trials or licenses. It also plays a role in account security, where a login from an unfamiliar device paired with a known identifier helps flag compromised accounts.
Is the GDID officially documented by Microsoft?
Not prominently. Microsoft does not feature the Global Device Identifier in its consumer-facing documentation, which is part of why most people had not heard of it before 2026. Much of the public understanding comes from the Scattered Spider court filings and from security researchers, so some details about how it is generated and used remain unconfirmed.