In this post I will show you how you can restrict users signing into 365 Apps with a personal microsoft account.
You might want to restrict singing into the 365 Apps because your company has got 365 tenent policys set, like restricting access to the office store from the 365 Apps to prevent users from installing and using Office add-ins. If the user signs in the 365 Apps with a personal account they can bypass settings like this and still install and use office add-ins from the store.
The best way to restrict signing into the 365 Apps is to use a Group Policy setting. How do you know what settings there are to be set in group policy’s? Wel there is a great website that shows you almost every available gpo setting there is.
Group Policy Administrative Templates (admx.help)
On this website you can search for gpo setting by clicking a subject in the list shown below.
You can also search a gpo setting by clicking the top right search button and then give in the search criteria like Block signing in office.
When you find the setting you are looking for, in this case the Block signing into office. You can see the follwoing information:
- The location where you can find the gpo setting to enable it.
- Information about the options you can set and what each option value will do.
- Information about the register keys that will be set when choosing the different option values.
In this case we want to restrict signing into the 365 Apps with a personal account but we do want users to sign in with the ID the organization has given them. So we will have to Enable the GPO Block signing into Office and set the option: Block signing into office to the value: Org ID only
When this Group policy setting and option is enabled, the users will see this notification when trying to sign into the 365 Apps with there personal account.
This policy setting only effects the sign in of the 365 Apps, when the user wants to sign into the onedrive client with a personal account it is still possible. Users that are already signed in with a personal account in the 365 Apps will be signed out when this policy is loaded on the device.