VMware Workspace ONE Community
rmcpdias
Enthusiast

Restrict Office Applications like Teams & Outlook to use only Work or School Accounts

Hello, good morning.

 Is it possible to restrict Office Applications like Teams & Outlook to use only Work or School Accounts?

 

Best Regards,

Rui

9 Replies
trobertson
Enthusiast

Rui,

Yes, this is possible, and like most challenges there are several ways to accomplish this depending on the environment and tools available.

1) Are you AAD, Hybrid, AD on-prem?

2) Do you want to stay in the Microsoft ecosystem or do you want to leverage functionality within Workspace ONE UEM, Access, or another third-party authentication platform?

There are options like GPO, CSP, etc., depending on your environment and applications.

I've used this before: https://learn.microsoft.com/en-us/sharepoint/use-group-policy#allow-syncing-onedrive-accounts-for-on...

More info on tenant restrictions: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/tenant-restrictions-v2

 

 

rmcpdias
Enthusiast

Hi, good morning.

I just want to know if it's possible to do this through config keys, like they say here:

 

https://kb.vmware.com/s/article/50120818

 

Best Regards,

Rui

ogushia
Hot Shot

Hi,
You can allow only work accounts using the config key described in the following MS docs.
https://learn.microsoft.com/ja-jp/mem/intune/apps/app-configuration-policies-use-ios#allow-only-conf...

 

The settings are as follows.

ogushia_0-1693221281709.png

 

rmcpdias
Enthusiast

Hello, good afternoon.

 

Unfortunately, we are using a generic account to enroll the phones... this only works if every device is configured with a specific account.

 

Best Regards,

Rui

 

 

rmcpdias
Enthusiast

And also this is for iOS only, not Android.

trobertson
Enthusiast

@rmcpdias, sorry, I had Windows on my brain. What endpoints are you using? Windows, Mac, iOS, Android?

rmcpdias
Enthusiast

Hi, in this case we are using Android.

ogushia
Hot Shot

Hi,
I see your situation.
For Android, it seems that allowed accounts can be specified using the following config.
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-android#allow-only-...
>Key com.microsoft.intune.mam.AllowedAccountUPNs
>Values
>One or more ; delimited UPNs.
>Only account(s) allowed are the managed user account(s) defined by this key.

 

If you are not using a specific account when enrolling devices, I think you will have to manually specify all accounts in the Application Configuration. (I have never tried this with an Android device.)

ogushia_0-1693232526777.png
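
Added example (not part of the reply above and not vendor code): one way to build the `;`-delimited value for `com.microsoft.intune.mam.AllowedAccountUPNs` when every account has to be listed by hand, leaving out anything that is not a work-domain UPN. The domain `example.com`, the function name and the sample accounts are assumptions made up for illustration.

```python
import re

KEY = "com.microsoft.intune.mam.AllowedAccountUPNs"  # key quoted in the thread

# Simplified UPN shape check (assumption): local@domain, no spaces, no ';'.
# A ';' inside an entry would silently add a second account to the value.
UPN_RE = re.compile(r"^[^@\s;]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

# Constructed sample input, e.g. lines from a user export.
SAMPLE = [
    "alice@example.com",
    "Alice@Example.com",               # duplicate, differs only in case
    "bob@outlook.com",                 # personal account
    "carol@example.com;x@gmail.com",   # smuggled delimiter
    " dave@example.com ",
    "",
]


def build_allowed_upns(upns, work_domains):
    """Return (value, rejected): the ';'-delimited value and the skipped entries."""
    work_domains = {d.lower() for d in work_domains}
    accepted, rejected, seen = [], [], set()
    for raw in upns:
        upn = raw.strip()
        if not upn:
            continue
        if not UPN_RE.match(upn):
            rejected.append((raw, "not a valid UPN"))
            continue
        if upn.rsplit("@", 1)[1].lower() not in work_domains:
            rejected.append((raw, "domain not in work_domains"))
            continue
        if upn.lower() in seen:  # UPNs are compared case-insensitively here
            continue
        seen.add(upn.lower())
        accepted.append(upn)
    return ";".join(accepted), rejected


if __name__ == "__main__":
    value, rejected = build_allowed_upns(SAMPLE, ["example.com"])
    print(f"{KEY} = {value}")
    for raw, reason in rejected:
        print(f"skipped {raw!r}: {reason}")
```

Review the rejected list before pushing the configuration, since an account missing from the value will not be able to sign in to the managed app.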

 

rmcpdias
Enthusiast

Thank you very much. I'm going to test it to see if it works!
