Microsoft Teams: sign-in only with our workplace account and block user sign-in with other workplace account or personal.

Sergio Londono 671 Reputation points
2023-11-06T16:35:56.5633333+00:00

Hello Microsoft,

I have a challenge in my organization because the employees are all remote.

For MS Teams, our company works with employees 100% remotely.

They are using laptops delivered by our mycompany.com and they are Microsoft Entra ID E5. We need to avoid data exfiltration and minimize some risks that we are getting with employees remote.

 

  1. Control sign-in for Microsoft Teams

 

Is there any way to force Microsoft Teams to only sign in with his own account?

           I.e: only allow UPN@mycompany.com from my laptop delivered to me by our company

                    If not possible by my single UPN, can we only allow the domain sign-in @**mycompany.com**
  • This is important because if the user can sign in with his personal or other workplace account, he may be able to exfiltrate data to other SPO or OneDrive.
  • This will block employees from using the laptops we provided to work in different companies at the same time.

2.Block access to meetings different from mycompany.com For some of our agents, they should only be able to access meetings generated by mycompany.com, any other meeting with other host tenants should be blocked. 3.Accept invitations for meeting only for ITI.CA.

  1. For some users, they should only receive invitations from mycompany.com, if any other person from other tenants sends a meeting invite to this user, the invite should be blocked.

User's image

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
10,322 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,142 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 108.2K Reputation points MVP
    2023-11-06T17:07:14.9866667+00:00

    #1 can be achieved by the Tenant restrictions feature: https://learn.microsoft.com/en-us/entra/external-id/tenant-restrictions-v2

    Alternatively, you can use device policies, assuming all the devices are managed: https://learn.microsoft.com/en-us/microsoftteams/sign-in-teams#how-to-restrict-teams-sign-in-on-desktop-devices

    However, only tenant restrictions will be able to prevent access via the browser client.

    #2 and #3 cannot be addressed, as users can always join anonymously.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.