Forum Discussion

CeciNestPasLegal's avatar
CeciNestPasLegal
Copper Contributor
Jul 10, 2024

Block Microsoft 365 account from logging on Windows machine?

Hello! How can I block a user from logging on Windows with Azure AD on our machines, but still allow it to use Microsoft 365?

 

Basically we have a service account that should only be accessed from iOS MDM devices by default.
A way to exempt some Windows machines would be nice, but the preference is ban the account from Windows logon altogether. 

We use Microsoft 365 with Intune. All machines are managed.

 

Thanks in advance!

  • CeciNestPasLegal 

     

    Conditional Access can help:

     

    • Use Conditional Access policies in Azure AD to control access based on conditions
    • Create a new policy that targets the specific user account you want to restrict
    • Configure the policy to block sign-ins for that user account

Resources