Protection against adding non-Microsoft accounts into Outlook

Ensure that users can sign in to company apps only with company Microsoft accounts.

Safetica excels at securing data from leaving controlled environments, but there are certain use cases where its capabilities can be complemented with other tools. 

 

Use case

Your company is using Microsoft Outlook protection to protect emails sent via Outlook. You have also ensured that users can add their company accounts only to Outlook. You now want to make sure that users cannot add personal/non-Microsoft accounts to the company Outlook.

 

For mobile devices, complement Safetica with

Microsoft Mobile Application Management or Microsoft Intune App protection policies. Learn more about Intune App protection policies in Microsoft documentation.

  • You can use Intune App protection policies to limit access only to work/school accounts for specified apps.

 

For desktops, complement Safetica with

Microsoft Intune Configuration policies.

Learn more about Microsoft Intune Configuration policies in Microsoft documentation.

 

Prerequisites

 

Microsoft Intune Configuration policies

  • Are very complex and offer a large number of configuration options from various categories which you can enforce.
  • Allow you to block the addition of non-Microsoft accounts to Outlook.
  • Allow you to block authenticating into company apps via personal Microsoft accounts.
  • Require the device to be managed by Mobile Device Management (MDM).

Example: Users will not be able to add their personal and non-Microsoft accounts to company Outlook.

 

Example: How to create an Intune Configuration policy that blocks adding non-Microsoft accounts to Outlook

(Last updated August 2024)

  1. Go to Microsoft Intune admin center and navigate to Devices > Windows > Configuration, where you can create policies from templates or from the Settings catalog.
  2. If creating a policy via the Settings catalog, you can add the option Accounts > Allow adding non Microsoft accounts manually and set it to Block.

This option only blocks UI/UX-based methods for adding non-Microsoft accounts. Users will still be able to add non-Microsoft accounts using the EMAIL2 CSP (i.e., add accounts via SMTP). Learn more in Microsoft documentation.

 

Example: How to create an Intune Configuration policy that blocks authenticating into company apps via personal Microsoft accounts

(Last updated August 2024)

  1. Go to Microsoft Intune admin center and navigate to Devices > Windows > Configuration, where you can create policies from templates or from the Settings catalog.
  2. If creating a policy via Templates > Administrative templates, you can add the option Windows components > Microsoft account > Block all consumer Microsoft account user authentication to block authentication via personal accounts into Microsoft apps and the company device. Learn more about this option in Microsoft documentation.
  3. You can also improve your security by setting up predefined Security Baselines based on your needs. Learn more about Security Baselines in Microsoft documentation.
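
To confirm that both policies above actually reached a managed Windows device, you can read the values they set locally. This is an added example, not part of the original article or Safetica's own tooling; the registry paths and value names are assumptions about where Windows records MDM-delivered and ADMX-backed policy values, so verify them against Microsoft documentation for your Windows build.

```powershell
# Added example: verify on a Windows device that the two Intune settings were applied.
# Paths and value names below are assumptions (see lead-in), not taken from the article.

$checks = @(
    [pscustomobject]@{
        Name     = 'Accounts > Allow adding non Microsoft accounts manually = Block'
        Path     = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Accounts'
        Value    = 'AllowAddingNonMicrosoftAccountsManually'
        Expected = 0   # 0 = not allowed (Block)
    },
    [pscustomobject]@{
        Name     = 'Block all consumer Microsoft account user authentication = Enabled'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftAccount'
        Value    = 'DisableUserAuth'
        Expected = 1   # 1 = consumer Microsoft account authentication blocked
    }
)

function Test-PolicyValue {
    param([Parameter(Mandatory)] $Check)

    # A missing key or value means the policy never arrived (not enrolled, not assigned, not synced).
    $actual = $null
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    if ($null -ne $item) { $actual = $item.($Check.Value) }

    $state = if ($null -eq $actual) { 'NotConfigured' } elseif ($actual -eq $Check.Expected) { 'Enforced' } else { 'Mismatch' }

    [pscustomobject]@{
        Policy   = $Check.Name
        Expected = $Check.Expected
        Actual   = $actual
        State    = $state
    }
}

$results = $checks | ForEach-Object { Test-PolicyValue -Check $_ }
$results | Format-Table -AutoSize

# The first check only reflects the UI/UX block; it says nothing about accounts
# provisioned through the EMAIL2 CSP, which this setting does not prevent.
$failed = @($results | Where-Object { $_.State -ne 'Enforced' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) policy setting(s) not enforced on $env:COMPUTERNAME"
    exit 1
}
```

A `NotConfigured` result usually points at the MDM prerequisite (device not enrolled or policy not yet synced) rather than at a wrong setting in the policy itself.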

 

Read next

Best practice: Complementing Safetica protection

Protecting Microsoft 365 data on mobile devices

Protection against accessing company Microsoft 365 email via unauthorized email clients