Forum Discussion
How to Prevent or Block Company users from Adding another Microsoft Work account in IOS Intune
Company-Managed Apps (e.g., Outlook, Teams, OneDrive)
Conditional Access Policies: These policies ensure that users can only access corporate data on managed devices and compliant apps. Users trying to sign in with another work or school account on a corporate device (using these apps) will be blocked from doing so.
App Protection Policies: These policies can be configured to prevent adding multiple work or school accounts within Intune-managed apps (e.g., Outlook, Teams, etc.). So, if you enforce policies that allow only the corporate account, users won’t be able to add another work or school account in these apps.
Personal Apps (e.g., Personal Outlook, Gmail, etc.)
Gmail App or Personal Outlook App (not managed by the company) is not controlled by Intune policies. Users could potentially add other work or school accounts to these apps because they are outside the scope of Intune's management and control.
- Conditional Access Policies may still limit what users can do with those accounts. For example, if they try to access corporate resources (e.g., Exchange Online or SharePoint) from those personal apps, they will be blocked unless the device is compliant and managed by Intune.
Thank you again for your clarification.
After applying all your steps , Will the Users be not able to Add any other Work/School Account in the Personal Outlook App or any Gmail App ?
OR these policy only applicable in Company managed Apps ?
Company-Managed Apps (e.g., Outlook, Teams, OneDrive)
Conditional Access Policies: These policies ensure that users can only access corporate data on managed devices and compliant apps. Users trying to sign in with another work or school account on a corporate device (using these apps) will be blocked from doing so.
App Protection Policies: These policies can be configured to prevent adding multiple work or school accounts within Intune-managed apps (e.g., Outlook, Teams, etc.). So, if you enforce policies that allow only the corporate account, users won’t be able to add another work or school account in these apps.
Personal Apps (e.g., Personal Outlook, Gmail, etc.)
Gmail App or Personal Outlook App (not managed by the company) is not controlled by Intune policies. Users could potentially add other work or school accounts to these apps because they are outside the scope of Intune's management and control.
- Conditional Access Policies may still limit what users can do with those accounts. For example, if they try to access corporate resources (e.g., Exchange Online or SharePoint) from those personal apps, they will be blocked unless the device is compliant and managed by Intune.
Hello micheleariis
I humble request you to also Please check below thread to block User to login to another iOS device. and provide your valuable Input.
- Hello micheleariis,
Thank you again for your Reply.
Do have any input if "Tenant restrictions v2" Should help in this Case or to achieve this Goal.
https://learn.microsoft.com/en-us/entra/external-id/tenant-restrictions-v2
Kindly provide you valuable input.prakashx86 Hi, I don't think these settings can get you to your goal.