Make sure public discoverability is turned OFF by default for child accounts.
I just set up a child email/Microsoft account for my daughter, which is required to enable family safety and security features on the PC. However it seems to actually increase the risks to her safety, because common-sense safety or security settings are OFF by default, and it takes many hours to discover how they can be enabled.
For instance, although she has never used skype, a skype account was automatically created for her with the Microsoft account, and the "appear in search results" defaults to ON.
As a result an unknown middle aged man has attempted to contact her via Skype within 4 days.
I would expect a much greater level of safety built into the process and systems by default. Otherwise Microsoft is enabling child endangerment and exploitation on a massive scale, and putting the responsibility on parents to find and disable all dangerous and insecure default settings, often after a child has already been contacted or exploited.
This seems like a huge liability for your company.
I do not want my daughter to have access to Skype. But I cannot remove skype without deleting her Microsoft account. And in most recent versions of Windows a Microsoft account is required to turn on any family safety features whatsoever.
Fortunately my daughter told me about this as soon as she was contacted. I shudder to think what happens when an unsuspecting kid just starts chatting innocently
My point is that the skype account should not be automatically created when creating a child account, and should DEFINITELY not be discoverable publicly by default. The fact that this is currently the case is very dangerous for kids and should be fixed immediately.