Windows 10 - Can I use Windows 10 group policy to stop changes by my sons school?

Question

I am setting up a personal laptop for my son to use at school. I have parental control software on the machine and created a group policy for his user account to limit access to items like the control panel. Everything worked great until we logged into Office 365 using his school email. It came up with an option to remember the password and let his school manage his computer. The option to remember the password was accidently clicked. I lost the ability to block youtube.com because his school allows it. I have set the email address to no longer by managed by his school but I still can't block youtube.com anymore on his user account.

I may have to remove his user account completely from the machine and start over.

Is there a setting in the group policy settings that will stop this from happening again?

Thank you in advance,

Jason

Answer 1

Hi Jason,

This should only be possible using GPO on a server. For Desktop O/S this is not possible.
There are a few things you could do though.

1. Set up a new account for him and when signing in to an office product locally (e.g. Word or Excel) sign in to "This app only" it is an option which you will get upon the first time signing in, preventing you from enrolling in their tenant under their policies.
2. Alternatively you could consider blocking websites through your router for his MAC address (as this is device bound)

Hope this helps!

(If it did, please accept the answer and upvote)

Answer 2

You can try to remove the device from the school account.

1. Go to account.microsoft.com/devices, sign in, and find the device you want to remove.
2. Select the device to see all your options, select Remove device, then follow the instructions.

Also check the settings if the school account is removed there: