I have been given the task of researching and implementing restrictions within our organization, specifically regarding user access to personal accounts and services from within the Office 365 app suite.
For example, by default, there appear to be no restrictions within any Office application that prevent users from adding services and accounts from non-corporate Microsoft accounts (Outlook.com, OneDrive, Dropbox, Gmail etc.)
I need to understand if/how any restrictions/policies can be created and applied at an organization level, and which Microsoft admin centres they need to be applied in.
Users can connect personal email accounts and storage services within OWA and Outlook.
Users can connect personal OneDrive service within corporate apps - Teams, SharePoint, Word, Excel etc.
This poses a data loss issue if users are able to connect to personal accounts and copy data between corporate and personal services.
Ideally I would like to think there is a way to prevent access to personal email and storage accounts from within corporate Office apps at source - i.e. deny access, rather than allow users to connect and prevent data loss using file type policies and DLP rules, for example.
I realise this is a big topic, with many different MS services potentially forming part of a solution.
Any ideas or advice on where to start with navigating this would be appreciated.
Note - We are licensed using Office 365 E3 and EMS E5, so do not have access to all Purview features, and potentially other related services as far as I understand.