Feb 04 2018
- last edited on
Feb 01 2023
just wondering if anyone can share how they prevent their users from login to their personal office 365 accounts?
especially for services such as onedrive, outlook...
Feb 04 2018 05:07 PM
thanks. How does this prevent user from login to their personal account when they are in the company network?
Feb 04 2018 11:01 PM
Well it helps when you give more than a one-line description of the issue. If by personal you mean their own O365 subscriptions or in general any "non-company" O365 tenant, you can use the "tenant restrictions" feature: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tenant-restrictions
Feb 26 2019 04:06 AM - edited Feb 26 2019 04:07 AM
Tenant restrictions prevent users from logging into other business tenants, but there doesn’t seem to be a way to prevent users from logging into their personal outlook accounts (e.g. hotmail).
We can block personal OneDrive by blocking specific live.com endpoints, but that doesn’t work for Outlook.
Does anyone know how to block our business users from logging into their personal (eg non business tenant) Outlook and creating a data leakage concern?
Feb 26 2019 04:38 AM
You can use a regkey or via GPO to restrict adding any further accounts in outlook!
Furthermore you can utilize IRM , AIP and conditional access to restrict forwarding, download, copy / paste, device and location restriction etc. to further enhance your security
Jun 03 2020 11:33 AM
@adam deltinger Do you know if there has been any updates to this? I'm trying to find a simple way of restricting domain sign in so a user cant sign into their hotmail account from a company machine.
Nov 30 2021 07:20 AM - edited Nov 30 2021 07:20 AM
@yanmouldyThis can be done via Group Policy:
User Configuration > Policies > Administrative Templates > Microsoft Office 2016 > Miscellaneous > Block signing into Office
Setting this to 'Org ID only' prevents personal accounts from being used