A
Aleksiv95
Guest
I am maintaining several Windows 10 Pro workstations connected to our domain. Recently, there's been a few cases where a regular user adds their university email account to Outlook, after which:
I'm especially concerned about messing up Office and Windows activations. Is there a way to harden the workstations so that connecting external Azure AD account to Windows would be blocked?
We are using Office 365, so blocking access to Azure or Microsoft 365 is not an option. But only our Office 365 accounts/subscriptions should be allowed to be connected to Windows.
I have enabled "Accounts: Block Microsoft accounts" and "Block all consumer Microsoft account user authentication" but they block only personal Microsoft account, not Azure AD accounts.
More...
- The university account is added as a Work or School Account
- The computer gets listed in "Devices & activity" as "workplace joined" under the user's university Azure AD account (for remote management purposes?!?)
- Microsoft Office gets activated with the user's university Microsoft 365 subscription instead of our Office 365 subscription
- Windows uses the user's university Microsoft 365 subscription to upgrade from Windows 10 Pro to Enterprise
I'm especially concerned about messing up Office and Windows activations. Is there a way to harden the workstations so that connecting external Azure AD account to Windows would be blocked?
We are using Office 365, so blocking access to Azure or Microsoft 365 is not an option. But only our Office 365 accounts/subscriptions should be allowed to be connected to Windows.
I have enabled "Accounts: Block Microsoft accounts" and "Block all consumer Microsoft account user authentication" but they block only personal Microsoft account, not Azure AD accounts.
More...