Sophos Mobile: Performing restrictions on users from accessing personal accounts in the Outlook app on Android and iOS using Sophos Mobile.

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
_____________________________________________________________________________________________________________________________________

Overview:

Many organizations use Outlook as their preferred email client, but not all want their employees to access their personal email accounts on their work devices. This can pose a security risk, as personal email accounts may contain malware, phishing links, or confidential information that should not be shared with others. How can you prevent your users from adding or using personal email accounts in the Outlook app on their Android and iOS devices?

In this article, I will show you how you can restrict users from configuring or using personal email accounts in the Outlook app on Android and iOS using Managed app configuration. You’ll learn how to create and apply policies that control which email accounts are allowed in the Outlook app.

Steps for Android

1. Log In to Sophos Central.
2. Open Sophos Mobile.
3. Click on Apps → Android.
4. Click on Microsoft Outlook (Add the app from Managed Google Play if not added already).
5. Click on Use managed configuration and then click on Edit managed configuration.
6. In the configuration wizard look for "Allowed Accounts" and click on Configure button next to it.
   A text box will appear, input "$EMAILADDRESS" in the text box.
   this will fetch the email address associated with the user on Sophos Central.

        7. Click on Save

After applying these settings when the user tries to login to outlook app, they will get 1 email address to log in.

Steps for iOS

On iOS we can implement this by using a few Intune Mobile Application Management keys.

1. Log In to Sophos Central.
2. Open Sophos Mobile.
3. Click on Apps → iOS and iPadOS.
4. Click on Microsoft Outlook (Add the app if not added already).
5. Click on "show" next to Settings and VPN. Click on Add parameter.
   1. Name: IntuneMAMAllowedAccountsOnly
      Value: Enabled
      This key specifies whether organization-allowed account mode is active or inactive.
   2. Name: IntuneMAMUPN
      Value: %_EMAILADDRESS_% (this will fetch the email address associated with the user on Sophos Central)  
      This key specifies the User Principal Name for the account.

After applying these settings when the user tries to login to outlook app, they will get 1 email address to log in.

Edit Subject
[edited by: Altmash Rangrez at 8:16 AM (GMT -7) on 21 Oct 2024]