Block content uploads between work and personal accounts in Teams desktop app

%3CLINGO-SUB%20id%3D%22lingo-sub-1880501%22%20slang%3D%22en-US%22%3EBlock%20content%20uploads%20between%20work%20and%20personal%20accounts%20in%20Teams%20desktop%20app%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1880501%22%20slang%3D%22en-US%22%3E%3CP%3ESince%20there%20is%20no%20mechanism%20to%20keep%20users%20from%20logging%20into%20their%20consumer%20instance%20of%20Teams%20or%20another%20work%20tenant%20I%20wanted%20to%20see%20if%20there%20was%20a%20way%20possibly%20using%20Intune%20App%20Protection%20policies%20to%20block%20uploading%20enterprise%20data%20when%20users%20switch%20accounts%20in%20the%20Teams%20desktop%20app.%26nbsp%3B%20Win10%20devices%20are%20enrolled%20and%20compliant%20at%20this%20point%20and%20the%20functionality%20is%20there%20to%20separate%20out%20work%20and%20personal%20on%20mobile%20devices%20such%20as%20iOS%20and%20Android%2C%20but%20I%20am%20having%20trouble%20finding%20if%20this%20is%20possible%20for%20Win10%20endpoints.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20realize%20there%20is%20the%20option%20to%20block%20authenticating%20to%20only%20our%20tenant%20by%20injecting%20headers%20with%20our%20tenant%20ID%2C%20but%20that's%20taking%20a%20giant%20hammer%20to%20the%20issue%20and%20we're%20afraid%20it%20may%20cause%20more%20issues%20than%20it's%20worth.%26nbsp%3B%20So%20this%20option%20would%20be%20a%20last%20resort.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1880501%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EHow-to%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

Since there is no mechanism to keep users from logging into their consumer instance of Teams or another work tenant I wanted to see if there was a way possibly using Intune App Protection policies to block uploading enterprise data when users switch accounts in the Teams desktop app.  Win10 devices are enrolled and compliant at this point and the functionality is there to separate out work and personal on mobile devices such as iOS and Android, but I am having trouble finding if this is possible for Win10 endpoints.

 

I realize there is the option to block authenticating to only our tenant by injecting headers with our tenant ID, but that's taking a giant hammer to the issue and we're afraid it may cause more issues than it's worth.  So this option would be a last resort.

 

Thanks 

0 Replies