how to prevent users from login to their personal office365 account?

%3CLINGO-SUB%20id%3D%22lingo-sub-152219%22%20slang%3D%22en-US%22%3Ehow%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-152219%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ejust%20wondering%20if%20anyone%20can%20share%20how%20they%20prevent%20their%20users%20from%20login%20to%20their%20personal%20office%20365%20accounts%3F%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eespecially%20for%20services%20such%20as%26nbsp%3Bonedrive%2C%20outlook...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-152219%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-356880%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-356880%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20use%20a%20regkey%20or%20via%20GPO%20to%20restrict%20adding%20any%20further%20accounts%20in%20outlook!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFurthermore%20you%20can%20utilize%26nbsp%3B%20IRM%20%2C%20AIP%20and%20conditional%20access%20to%20restrict%20forwarding%2C%20download%2C%20copy%20%2F%20paste%2C%20device%20and%20location%20restriction%20etc.%20to%20further%20enhance%20your%20security%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdam%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-356864%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-356864%22%20slang%3D%22en-US%22%3E%3CP%3ETenant%20restrictions%20prevent%20users%20from%20logging%20into%20other%20business%20tenants%2C%20but%20there%20doesn%E2%80%99t%20seem%20to%20be%20a%20way%20to%20prevent%20users%20from%20logging%20into%20their%20personal%20outlook%20accounts%20(e.g.%20hotmail).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20can%20block%20personal%20OneDrive%20by%20blocking%20specific%20live.com%20endpoints%2C%20but%20that%20doesn%E2%80%99t%20work%20for%20Outlook.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20know%20how%20to%20block%20our%20business%20users%20from%20logging%20into%20their%20personal%20(eg%20non%20business%20tenant)%20Outlook%20and%20creating%20a%20data%20leakage%20concern%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-152301%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-152301%22%20slang%3D%22en-US%22%3E%3CP%3EWell%20it%20helps%20when%20you%20give%20more%20than%20a%20one-line%20description%20of%20the%20issue.%20If%20by%20personal%20you%20mean%20their%20own%20O365%20subscriptions%20or%20in%20general%20any%20%22non-company%22%20O365%20tenant%2C%20you%20can%20use%20the%20%22tenant%20restrictions%22%20feature%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-tenant-restrictions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-tenant-restrictions%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-152264%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-152264%22%20slang%3D%22en-US%22%3E%3CP%3Ethanks.%20How%20does%20this%20prevent%20user%20from%20login%20to%20their%20personal%20account%20when%20they%20are%20in%20the%20company%20network%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-152231%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-152231%22%20slang%3D%22en-US%22%3E%3CP%3EUse%20the%20%22block%20sign-in%22%20option%20in%20the%20O365%20portal%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1438199%22%20slang%3D%22en-US%22%3ERe%3A%20how%20to%20prevent%20users%20from%20login%20to%20their%20personal%20office365%20account%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1438199%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F72542%22%20target%3D%22_blank%22%3E%40adam%20deltinger%3C%2FA%3E%26nbsp%3BDo%20you%20know%20if%20there%20has%20been%20any%20updates%20to%20this%3F%26nbsp%3B%20I'm%20trying%20to%20find%20a%20simple%20way%20of%20restricting%20domain%20sign%20in%20so%20a%20user%20cant%20sign%20into%20their%20hotmail%20account%20from%20a%20company%20machine.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

hi,

 

just wondering if anyone can share how they prevent their users from login to their personal office 365 accounts? 

 

especially for services such as onedrive, outlook...

 

6 Replies
Highlighted

Use the "block sign-in" option in the O365 portal?

Highlighted

thanks. How does this prevent user from login to their personal account when they are in the company network? 

Highlighted

Well it helps when you give more than a one-line description of the issue. If by personal you mean their own O365 subscriptions or in general any "non-company" O365 tenant, you can use the "tenant restrictions" feature: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tenant-restrictions

Highlighted

Tenant restrictions prevent users from logging into other business tenants, but there doesn’t seem to be a way to prevent users from logging into their personal outlook accounts (e.g. hotmail).

 

We can block personal OneDrive by blocking specific live.com endpoints, but that doesn’t work for Outlook.

 

Does anyone know how to block our business users from logging into their personal (eg non business tenant) Outlook and creating a data leakage concern?

 

Highlighted

You can use a regkey or via GPO to restrict adding any further accounts in outlook!

 

Furthermore you can utilize  IRM , AIP and conditional access to restrict forwarding, download, copy / paste, device and location restriction etc. to further enhance your security

 

Adam

Highlighted

@adam deltinger Do you know if there has been any updates to this?  I'm trying to find a simple way of restricting domain sign in so a user cant sign into their hotmail account from a company machine.