Forum Discussion

AtanasM's avatar
AtanasM
Iron Contributor
Jul 13, 2023

How to restrict users adding email accounts to Outlook different from company's domains

Is it possible to restrict users adding email accounts to Outlook different from company's domains?
Intune
  • ShadyKhorshed's avatar
    ShadyKhorshed
    Jul 17, 2023

    Hallo AtanasM

    As promised, below are screenshots of iOS config
    1- AppPP 
    2- Outlook app Config policy

    3- Teams app Config policy. 

     

    as for normal iOS app Config policy, just make sure to add the following to each managed app (as show in the Teams app config).

    IntuneMAMUPN
    String
    {{userprincipalname}}

     

     

     



     

ShadyKhorshed's avatar
ShadyKhorshed
Iron Contributor

Hello AtanasM

You might wanna restrict user experience to only business use on the M365 apps, but you’ll have to consider the full user experience. What is your goal here, MDM  or MAM? 

if you’re considering MAM, I would suggest to configure App configuration policy and app protection policy. 

if you wish, I might be able to give you a could of best practices in that direction. 

best regards 

Shady Khorshed 

AtanasM's avatar
AtanasM
Iron Contributor
Jul 14, 2023
Hi ShadyKhorshed
I just want to restrict users to add email accounts to Outlook only from the 2 company domains.
  • ShadyKhorshed's avatar
    ShadyKhorshed
    Iron Contributor
    Jul 14, 2023

    Hello AtanasM
    first of all, make sure to create App configuration policy for Outlook, in the below example, is the App Config for iOS

    By enabling this setting, users will be unable to add personal email and storage accounts within Outlook. If the user has a personal account added to Outlook, the user is prompted to remove the personal account. If the user does not remove the personal account, the work or school account cannot be added.​



    If you found my answer helpful, please make this answer as best!

    Best regards
    Shady Khorshed

    • AtanasM's avatar
      AtanasM
      Iron Contributor
      Jul 14, 2023
      ShadyKhorshed I was asking here not about personal accounts, but about Work & School accounts from other organizations, different from company's domains.
      • ShadyKhorshed's avatar
        ShadyKhorshed
        Iron Contributor
        Jul 14, 2023

        Haello AtanasM

        the answer would still be the same in my previous comment. If you disable the highlighted function in app configuration policy, then the Outlook app allows only one work and school account. 

        on the other hand, if the end scenario is to allow only your Business UPN and no other external UPNs are allowed, then you can still configure it in App configuration policy, and you’ll have to make sure that you are pushing VPP apps (in iOS case) to the managed device. 

         

        best regards 

        Shady Khorshed 

Resources