Apr 10 2020 09:59 AM
Apr 10 2020 09:59 AM
We are deploying Microsoft Teams across the organization but ran into a security concern. Is there a way to limit login credentials to only those for my organization? We do not want staff to be able to logout of their work Teams account and login using their personal accounts. This is cloud based and we will be rolling out the Windows App. Any help or advise would be greatly appreciated.
Apr 10 2020 11:03 AM
Apr 10 2020 11:11 AM
Not sure If it's possible to remove the function to add a personal/private account to Teams all togheter. There is still the web-bassed Teams client that they could just sign up to with their private email.
However, you can use Conditional Access policies in Azure AD to Control authentication towards Teams when using company credentials.
For example, you can require that the users are signing in from a specifit network, a compliant Azure AD Joined device, or that they need to use MFA.
You can also use Conditional Access to controll access to the other workloads in Office365 that Teams uses, like SharePoint and Exchange Online.
Does this help you out or have I missunderstood you?
Apr 10 2020 01:07 PM
@adam deltinger I work in the financial industry. There is a scare of people having access to shared drives outside of the organization. We do not want anyone logging into Office 365 using a personal account and storing files elsewhere. Not being able to block that access is a bit of a worry.
Apr 12 2020 06:47 AM
If the worry is that employees would share sensetive documents to people that should not see or have that information. Then I would suggest to put the focus on protecting the data instead of trying to block the possibility to sign into Microsoft Teams with a personal account.
Think about other SaaS applications like Dropbox, ShareFile, Github, Google Drive etc etc.
I would suggest that you try and implement DLP ( Data Loss prevention ) Retention and also sensitivity labels in your tenant, together with Conditionall Access policies to make sure that the data is only accessible for your legitimate employees.
Also look into Cloud App Security to set up different alerts and monitor file access and user actions a bit more in depth.
Hope this helps!
Nov 22 2020 07:35 PM
Hi @PrinceW ,
Just got a response from our Microsoft rep for this, and thought I'd share the answer:
It turns out you can, as long as your traffic is going through a proxy server.