Jun 13 2022 02:28 AM
With the help of EMS(Enterprise Mobility + Security) license can we resolve below queries.
How do we restrict users from login on personal laptops? Both OWA and Outlook config.
Mobile - for those who we allow, we must monitor. Rules such as no external email from mobile app must be configured.
Mobile - for those who we block, they should not be able to use OWA and Outlook.@tech community discussion
Jun 13 2022 11:11 AM
Hello! You've posted your question in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your question to the Security, Compliance and Identity space - please post Security, Compliance and Identity questions here in the future.
Jun 13 2022 09:03 PM
@Eric Starker Thanks Eric.
Jun 13 2022 10:47 PM
SolutionHello @dixitab,
The 1st and the 3rd goals could be achieved by using Conditional Access policies. "Block Access to Office365 apps from devices that are not Azure AD Joined or Azure AD Hybrid Joined".
Regarding the 2nd question, please provide more details. Do you want that users won't be able to configure any external emails on their phones? In the Outlook app or in native email apps?
Jun 14 2022 02:00 AM
Hello @mikhailf
Thanks for the response.
2nd question - Is it possible to configure/add your personal email address in the work profile ? if yes how we can restrict user.
I have one more query -
1- If we allow a few users to access emails on their personal devices (laptop, mobile phone) via owa or on outlook app, is it possible to monitor their activity?
Thanks in advance!
Jun 14 2022 02:50 AM
Hello @dixitab,
2 - please, check this answer: Remove / Block / Prevent Personal Email Accounts in Outlook - Microsoft Tech Community. Probably this can help.
1 - Yes, you can monitor users' activities. You can monitor Sign-in activities using Azure Active Directory -> Sign-in logs. Or you can use Microsoft Sentinel to monitor activities in Office 365.
Jun 15 2022 11:20 PM
Oct 04 2023 09:45 PM
@mikhailf Can we restrict user from adding personal email in windows mail and calendar application using any windows native configuration/ settings ?
Or do we require any third party application ?
Or it can be implemented using any Active Directory (on premise) services ?
Oct 05 2023 08:07 AM
Hello @b3118,
Please, review this post: How to block user self adding personal email accont to Outlook? - Microsoft Community Hub
Jun 13 2022 10:47 PM
SolutionHello @dixitab,
The 1st and the 3rd goals could be achieved by using Conditional Access policies. "Block Access to Office365 apps from devices that are not Azure AD Joined or Azure AD Hybrid Joined".
Regarding the 2nd question, please provide more details. Do you want that users won't be able to configure any external emails on their phones? In the Outlook app or in native email apps?