restrict adding account from another company

Copper Contributor

it's quite easy to disable ability to add personal accounts via Device Restrictions...

what I'm not able to find is how to block ability to add another work account - e.g. from another company.

 

appreciate help!

4 Replies
Hi,

Please take a look at the blog post of Sandy.

https://msendpointmgr.com/2021/03/11/account-settings-of-windows-10/

Let me know if this helping you out.

Rene
thx, i know that post regrettably it is not helpful.
it shows how to block the interface, not ability to actually block adding accounts which may be done e.g. from any office app and possibly other ways
by the way it shows second mostly repeated information, copy pasted from ms doc without explanation: about blocking MSA.. but why would i like to do that? I've read dozed blog post and everyone is copy pasting cons from doc's without explanation what are pros and scenarios of blocking MSA /: if that is the way of blocking adding accounts, disadvantages are quite painful and unacceptable.
i was hoping for some trick being able to define allowed domains thru device restriction or similar. you can configure AllowLogonLocally restrictions via device restrictions, which is close to what I'm looking for, issue there is that you need provide actual user name and not a *@domain.name

haven't been actively looking since, but check out that:https://learn.microsoft.com/en-us/entra/identity/devices/faq#q-how-can-i-block-users-from-adding-add...
scroll to the very bottom