Limit Account Sign-In


Hello,

We are deploying Microsoft Teams across the organization but ran into a security concern. Is there a way to limit login credentials to only those for my organization? We do not want staff to be able to log out of their work Teams account and log in using their personal accounts. This is cloud-based and we will be rolling out the Windows App. Any help or advice would be greatly appreciated.

Thank you,

5 Replies
AFAIK no, and users could always use any browser or mobile app to log in to other tenants!

What’s really the problem here? Why do you think they would log out and use other accounts?

Hello! @PrinceW

Not sure if it's possible to remove the function to add a personal/private account to Teams altogether. There is still the web-based Teams client that they could just sign up to with their private email.

However, you can use Conditional Access policies in Azure AD to control authentication towards Teams when using company credentials.
For example, you can require that the users are signing in from a specific network, a compliant Azure AD Joined device, or that they need to use MFA.

You can also use Conditional Access to control access to the other workloads in Office 365 that Teams uses, like SharePoint and Exchange Online.

Does this help you out or have I misunderstood you?

Kind Regards
Oliwer Sjöberg

@adam deltinger I work in the financial industry. There is a scare of people having access to shared drives outside of the organization. We do not want anyone logging into Office 365 using a personal account and storing files elsewhere.  Not being able to block that access is a bit of a worry.  

@PrinceW

If the worry is that employees would share sensitive documents with people that should not see or have that information, then I would suggest to put the focus on protecting the data instead of trying to block the possibility to sign into Microsoft Teams with a personal account.
Think about other SaaS applications like Dropbox, ShareFile, GitHub, Google Drive, etc.

I would suggest that you try and implement DLP (Data Loss Prevention), retention and also sensitivity labels in your tenant, together with Conditional Access policies to make sure that the data is only accessible for your legitimate employees.

Also look into Cloud App Security to set up different alerts and monitor file access and user actions a bit more in depth.

Hope this helps!

Kind Regards
Oliwer Sjöberg

Hi @PrinceW ,

Just got a response from our Microsoft rep for this, and thought I'd share the answer:

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

It turns out you can, as long as your traffic is going through a proxy server.
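
The tenant restrictions feature in the linked documentation works by having the proxy add HTTP headers to sign-in traffic, which is why the traffic has to pass through a proxy that can modify requests. The sketch below is an added example, not code from any poster or from Microsoft, showing the header decision such a proxy makes, including the consumer-account header for personal Microsoft accounts. The tenant name, directory ID and function names are constructed placeholders.

```python
# Added example: header policy for Azure AD tenant restrictions at a proxy.
# ALLOWED_TENANTS and DIRECTORY_ID are constructed placeholders (assumptions).
ALLOWED_TENANTS = ["contoso.com"]
DIRECTORY_ID = "00000000-0000-0000-0000-000000000000"

# Sign-in endpoints listed in Microsoft's tenant restrictions documentation.
AAD_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com",
                   "login.windows.net"}
MSA_LOGIN_HOSTS = {"login.live.com"}  # personal Microsoft accounts

# Headers only the proxy may set; compared case-insensitively.
MANAGED = {"restrict-access-to-tenants", "restrict-access-context",
           "sec-restrict-tenant-access-policy"}


def headers_for(host):
    """Return the restriction headers to inject for a destination host."""
    name = host.split(":")[0].rstrip(".").lower()  # drop port, trailing dot
    if name in AAD_LOGIN_HOSTS:
        return {"Restrict-Access-To-Tenants": ",".join(ALLOWED_TENANTS),
                "Restrict-Access-Context": DIRECTORY_ID}
    if name in MSA_LOGIN_HOSTS:
        return {"sec-Restrict-Tenant-Access-Policy": "restrict-msa"}
    return {}


def rewrite_request(host, client_headers):
    """Headers the proxy forwards: client copies of managed headers are
    dropped first so a client cannot supply its own tenant list."""
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() not in MANAGED}
    forwarded.update(headers_for(host))
    return forwarded


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("login.microsoftonline.com:443", {"User-Agent": "Teams"}),
        ("login.live.com", {"Restrict-Access-To-Tenants": "other.example"}),
        ("example.org", {"Accept": "*/*"}),
    ]
    for host, hdrs in samples:
        print(host, "->", rewrite_request(host, hdrs))
```

Because sign-in traffic is HTTPS, the proxy needs TLS inspection for these hosts to insert the headers.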