Restrict sign-in to specific accounts in Microsoft Teams desktop

New Feature: Teams

From Microsoft Corporation

MC227199, Stay Informed, Published date: Nov 20, 2020
Admin impact, New feature, User impact

You will soon be able to restrict Teams sign-in on managed Windows and Mac devices, so that employees cannot sign in to another organization’s tenant with that tenant’s credentials from the device they are authorized to use for work. This policy can also be used to configure access to personal accounts. This policy does not apply to the Teams web app. Similar policies are available to restrict sign-in on the Teams iOS and Android apps.

This message is associated with Microsoft 365 Roadmap ID 68693.

When this will happen

This feature will roll out in mid-November 2020 and should be complete by the end of the year.

How this will affect your organization

When this policy is configured on a device, users can sign in only with accounts homed in an Azure AD tenant that is included in the Tenant Allow List defined in the policy.

What you need to do to prepare

The policy applies to all sign-ins, including first and additional accounts. If your organization spans multiple Azure AD tenants, you can include multiple Tenant IDs in the Allow List. Links to add another account may continue to be visible in the Teams app, but they won’t be operable.

Note:

  • This policy only restricts sign-ins. It does not restrict the ability for users to be invited as a guest in other Azure AD tenants or to switch to tenants they have been invited to.
  • This policy can be used to block personal accounts.

Learn more: How to restrict sign in on desktop devices