SOLVED

One PC - one Teams account

%3CLINGO-SUB%20id%3D%22lingo-sub-2387514%22%20slang%3D%22en-US%22%3EOne%20PC%20-%20one%20Teams%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2387514%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3EHi%2C%20My%20organization%20has%20a%20requirement%20to%20restrict%20teams%20app%20in%20one%20PC%20to%20one%20particular%20employee.%20in%20other%20words%2C%20No%20one%20except%20the%20employee%20who%20has%20registered%20to%20that%20PC%2C%20cannot%20login%20to%20MS%20teams%20by%20using%20their%20credentials.%20Even%20the%20employee%20who%20is%20assigned%20to%20that%20PC%26nbsp%3B%20should%20be%20restricted%26nbsp%3B%20to%20access%20any%20personal%20teams%20account%20except%20organization%20provided%20teams%20account.%20Any%20possibilities%20to%20achieve%20this%20requirement%3F%26nbsp%3B%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2387514%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EHow-to%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2388369%22%20slang%3D%22en-US%22%3ERe%3A%20One%20PC%20-%20one%20Teams%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2388369%22%20slang%3D%22en-US%22%3ESo%20what%20mechanism%20do%20you%20use%20today%20to%20keep%20someone%20from%20logging%20on%20to%20another%20workstation%3F%3CBR%20%2F%3E%3CBR%20%2F%3EWith%20Conditional%20Access%20to%20disable%20web%20login%2C%20as%20well%20as%20coming%20from%20anywhere%20besides%20your%20network%2C%20you%20may%20be%20able%20to%20get%20close%2C%20as%20long%20as%20you%20restrict%20the%20user%20logging%20on%20to%20another%20PC.%3CBR%20%2F%3EBut%20honestly%2C%20AFAIK%2C%20there%20is%20ABSOLUTELY%20NO%20security%20advantage%20is%20doing%20this.%20Securing%20the%20PC%20by%20enabling%20Bitlocker%2C%20along%20with%20Teams%20security%20will%20make%20sure%20that%20any%20data%20that%20sit%20on%20the%20workstation%20isn't%20usable%2C%20because%20it%20is%20encrypted.%20If%20I%20log%20onto%204%20different%20machines%2C%20I%20don't%20worry%20about%20anything%20left%20behind.%3CBR%20%2F%3ETo%20keep%20the%20employee%20from%20accessing%20any%20Teams%2C%20you%20just%20have%20to%20make%20sure%20that%20they%20don't%20have%20the%20rights%20to%20any%20Teams.%20And%20you%20need%20to%20make%20sure%20that%20they%20can't%20create%20Teams.%3CBR%20%2F%3EBut%20this%20sounds%20like%20a%20security%20policy%20from%20the%201980's.%20I%20can%20tend%20to%20promise%20that%20it%20probably%20doesn't%20do%20what%20is%20needed.%20It's%20always%20better%20to%20state%20your%20problem%20as%20the%20problem%20and%20don't%20state%20a%20solution%20as%20the%20problem.%3C%2FLINGO-BODY%3E
New Contributor

Hi, My organization has a requirement to restrict teams app in one PC to one particular employee. in other words, No one except the employee who has registered to that PC, cannot login to MS teams by using their credentials. Even the employee who is assigned to that PC  should be restricted  to access any personal teams account except organization provided teams account. Any possibilities to achieve this requirement?  

1 Reply
best response confirmed by ThereseSolimeno (Microsoft)
Solution
So what mechanism do you use today to keep someone from logging on to another workstation?

With Conditional Access to disable web login, as well as coming from anywhere besides your network, you may be able to get close, as long as you restrict the user logging on to another PC.
But honestly, AFAIK, there is ABSOLUTELY NO security advantage is doing this. Securing the PC by enabling Bitlocker, along with Teams security will make sure that any data that sit on the workstation isn't usable, because it is encrypted. If I log onto 4 different machines, I don't worry about anything left behind.
To keep the employee from accessing any Teams, you just have to make sure that they don't have the rights to any Teams. And you need to make sure that they can't create Teams.
But this sounds like a security policy from the 1980's. I can tend to promise that it probably doesn't do what is needed. It's always better to state your problem as the problem and don't state a solution as the problem.