Restrict users' local account from logging in to work M365

ラナ 40 Reputation points
2024-05-10T08:07:25.6733333+00:00

Scenario:

When using a personal PC for work, the work or school account is set up as a domain join.

The user has a personal local account on the PC.

Environment:

Microsoft 365 Business Premium, Microsoft EntraID P1 and Intune

Question:

How to restrict a personal local account from accessing work M365? Is it possible to do so?


Accepted answer
  1. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2024-05-13T07:00:18.9766667+00:00

    @ラナ, Thanks for posting in Q&A.

    From your description, I know you want to restrict a local user account from accessing work Microsoft 365.

    Based on my research, we can create a Conditional Access policy to achieve your goal.

    1. Create a Conditional Access policy > In Target resources select Cloud apps > Select Office 365.

    2. In the Grant section, select Grant access for the work account you allow; then only the work account can access Microsoft 365 resources and the personal account cannot access Microsoft 365 resources.

    https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps#office-365

    Or you can use a GPO to restrict personal account access to Microsoft resources.

    https://www.iamsysadmin.eu/featured-posts/restrict-signing-into-365-apps-with-a-personal-microsoft-account/

    Non-official, just for reference.

    Hope it will help.


1 additional answer

  1. Pavel yannara Mirochnitchenko 13,336 Reputation points MVP
    2024-05-10T12:10:43.8166667+00:00

    Use Conditional Access and, in the Grant phase, require the device to be compliant. At the same time, create Compliance Policies in Intune and assign them only to corporate devices or only to a specific device name pattern.

    Edit: okay, I have read it again and you only want to limit this for the local account, but I assume you want to allow access for the home device itself, right? Maybe if you assign the Compliance Policy to users only? But I am not sure; it still might flow down to the device.

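Both answers above come down to one Conditional Access policy that targets Office 365 and uses a device-based grant control. The following PowerShell script is an added example of that policy built with the Microsoft Graph PowerShell SDK; it is not code from either answer, from the question author, or from Microsoft's documentation. It assumes the Microsoft.Graph.Identity.SignIns module is installed, and the two object IDs in angle brackets are hypothetical placeholders that must be replaced with a pilot group and an emergency-access account from your own tenant.

```powershell
# Added example (not from the thread): create a Conditional Access policy that
# protects Office 365 by requiring a compliant or Entra-joined device, using the
# Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns module).
# Placeholders: <pilot-group-object-id> and <break-glass-account-object-id> are
# hypothetical IDs that must be replaced with values from your own tenant.

# Scopes needed to read and write Conditional Access policies.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Office 365 - require compliant or Entra joined device"
    # Report-only first: the sign-in logs show what would have been blocked,
    # but nothing is enforced yet. Switch to "enabled" after reviewing them.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        applications = @{
            # "Office365" is the built-in identifier for the Office 365 app group
            # (the "Office 365" entry under Cloud apps in the portal).
            includeApplications = @("Office365")
        }
        users = @{
            # Scope to a pilot group first; widen to all users once validated.
            includeGroups = @("<pilot-group-object-id>")
            # Always exclude an emergency-access account so a bad policy
            # cannot lock every administrator out of the tenant.
            excludeUsers  = @("<break-glass-account-object-id>")
        }
        # Browser, desktop apps and legacy clients are all in scope.
        clientAppTypes = @("all")
    }
    grantControls = @{
        # OR: satisfying either control grants access.
        operator        = "OR"
        builtInControls = @("compliantDevice", "domainJoinedDevice")
    }
}

# Create the policy and show what the tenant stored.
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy '$($created.DisplayName)' (id $($created.Id)) in state $($created.State)"

# Read it back to confirm the stored state before you consider enabling it.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```

One caveat that matters for the scenario in the question: a personal local Windows account is not a Microsoft Entra identity, so Conditional Access never evaluates it directly. The policy is evaluated when someone signs in to Office 365 with a work account, and it is the device control (compliant or Entra-joined) that stops a sign-in from a device that is not enrolled and compliant in Intune. While the policy is in report-only state, the Entra sign-in logs show the policy result as "Report-only" for each sign-in, which is where to check that the pilot users on managed devices would still be allowed before switching the state to enabled.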
