Prevent access to personal accounts from Office 365

Matt Pollock 241 Reputation points
2023-07-17T14:39:53.0733333+00:00

Hello,

I have been given the task of researching and implementing restrictions within our organization, specifically regarding user access to personal accounts and services from within the Office 365 app suite.

For example, by default, there appear to be no restrictions within any Office application that prevent users adding services and accounts from non-corporate Microsoft accounts (Outlook.com, OneDrive, Dropbox, Gmail, etc.).

I need to understand if/how any restrictions/policies can be created and applied at an organization level, and which Microsoft admin centres they need to be applied in.

Example scenarios:

Users can connect personal email accounts and storage services within OWA and Outlook.

Users can connect personal OneDrive service within corporate apps - Teams, SharePoint, Word, Excel etc.

This poses a data loss issue if users are able to connect to personal accounts and copy data between corporate and personal services.

Ideally I would like to think there is a way to prevent access to personal email and storage accounts from within corporate Office apps at source - i.e. deny access, rather than allow users to connect and prevent data loss using file type policies and DLP rules, for example.

I realise this is a big topic, with many different MS services potentially forming part of a solution.

Any ideas or advice on where to start with navigating this would be appreciated.

Note - We are licensed using Office 365 E3 and EMS E5, so do not have access to all Purview features, and potentially other related services as far as I understand.


1 answer

  1. Matt Pollock 241 Reputation points
    2023-07-25T19:53:35.38+00:00

    Just to update this topic, I was able to achieve the objectives listed in the original question by amending:

    - Default OWA policy:

      - ConditionalAccessPolicy : ReadOnlyPlusAttachmentsBlocked
      - PersonalAccountCalendarsEnabled : False
      - AdditionalStorageProvidersAvailable : False
      - PersonalAccountsEnabled : False

    - SharePoint - limited access for unmanaged devices

    - Amended conditional access policy in Azure - Use app enforced restriction

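One way to audit and apply the four OWA mailbox policy settings listed in the answer above, as an added example that is not part of the original post. It goes beyond the default policy and checks every OWA mailbox policy in the tenant; it assumes the ExchangeOnlineManagement module and an existing `Connect-ExchangeOnline` session, and the `-Remediate` switch is a name chosen for this example.

```powershell
# Added example, not the poster's own script.
# Assumes: Connect-ExchangeOnline has already been run with rights to manage OWA mailbox policies.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch for this example: without it the script only reports drift.
    [switch]$Remediate
)

# Desired values, taken from the settings listed in the answer.
$desired = [ordered]@{
    ConditionalAccessPolicy             = 'ReadOnlyPlusAttachmentsBlocked'
    PersonalAccountCalendarsEnabled     = $false
    AdditionalStorageProvidersAvailable = $false
    PersonalAccountsEnabled             = $false
}

# Check every OWA mailbox policy, not only the default one: a mailbox assigned
# to a different policy is governed by that policy's values instead.
$drift = foreach ($policy in Get-OwaMailboxPolicy) {
    foreach ($name in $desired.Keys) {
        $actual = $policy.$name
        # Compare as strings so deserialized enum/bool values match reliably.
        if ("$actual" -ne "$($desired[$name])") {
            [pscustomobject]@{
                Policy   = $policy.Name
                Setting  = $name
                Actual   = $actual
                Expected = $desired[$name]
            }
        }
    }
}

if (-not $drift) { Write-Output 'All OWA mailbox policies match the desired settings.'; return }
$drift | Format-Table -AutoSize

if ($Remediate) {
    foreach ($group in $drift | Group-Object Policy) {
        # Build a splat containing only the settings that differ for this policy.
        $changes = @{}
        foreach ($item in $group.Group) { $changes[$item.Setting] = $item.Expected }
        if ($PSCmdlet.ShouldProcess($group.Name, "Set $($changes.Keys -join ', ')")) {
            Set-OwaMailboxPolicy -Identity $group.Name @changes
        }
    }
}
```

Run it with `-Remediate -WhatIf` first to preview the changes. The SharePoint unmanaged-device setting and the Conditional Access session control mentioned in the answer are configured separately and are not covered by this script.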