I'm looking for a way to prevent users from signing into Microsoft 365 with their personal accounts in both Chrome and Edge browsers. Our company is rolling out Copilot, and we need to ensure that users are logged into their work accounts to access it. Is there a solution for this?
4 Answers
You'll likely need something like Cato, Netskope, or Zscaler to create policies that manage what emails can log into which applications. These tools perform TLS inspection and CASB functionalities to enforce that.
For Chrome, you won't have this ability, but for Edge, you can set up tenant restrictions that can block sign-ins to non-corporate accounts.
Yes, you can use Group Policy Objects (GPO) to help with this, or you can go for Global Secure Access for more comprehensive coverage. If you're using Microsoft services, it's included with Entra P1. Check out this deployment guide for Global Secure Access for a detailed setup.
There's a policy in Edge called "Restrict which accounts can be used to sign in to Microsoft Edge". You can set this up to limit logins to just your organization's tenant, but just be aware that it won't prevent someone from accessing OneDrive with a personal account.
Just a heads-up, it really only works in Edge, but you can set up a tenant restriction profile to block logins to other tenants, including personal ones.