Forum Discussion
Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hi Juan,
You can do this in many ways, here's how I would do it:
- Conditional Access policies through Microsoft Entra can block personal email services. https://learn.microsoft.com/fi-fi/appcenter/general/configuring-aad-conditional-access
- Another way is using Defender for Cloud apps to basically do the same. You create an access policy where if users try to access sites such as gmail.com > then block: https://learn.microsoft.com/en-us/defender-cloud-apps/control-cloud-apps-with-policies
- Lastly, you can use Purview DLP and Endpoint DLP. Create a policy so that when a user attempts to go to site such as gmail.com and tries to upload data > the policy kicks-in and blocks them: https://learn.microsoft.com/en-us/purview/endpoint-dlp-using?tabs=purview
I am not sure how either of the above solutions will block access to Hotmail or Outlook.com
- Conditional Access Policy - May I know what conditions will you use to block personal email using Conditional Access policy?
- What App will you use for Hotmail or Outlook.com in your Access policy?
- Please if you can tell me the configuration for DLP or Purview Policy?
In Entra, you use the Web Content filtering policy (see below) > You will need to create a new policy (my demo account does not have it) this is the guide: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-web-content-filtering
Then you can add the domains that you'd like to block within the rules.
For Microsoft Purview, it's more of blocking sensitive data from being uploaded/ used in specific cloud domains, think of it as an extra measure to ensure that your users will not be able to upload to Hotmail or Gmail. https://learn.microsoft.com/en-us/purview/endpoint-dlp-using?tabs=purview#scenario-3-modify-the-existing-policy-block-the-action-with-allow-override
Thanks for the update but web filtering policies are part of Entra Internet Access which is an addon and needs additional licensing.
Also, will blocking Hotmail also block access to Outlook.com because now personal Microsoft mail domain is outlook and if we block it, it also blocks the Outlook web access for corporate email.
