Configuring login control for all users

Admins can prevent users from managed devices logging into Microsoft 365 instances with personal credentials or into unsanctioned Microsoft 365 domains.

This is based on matching the domain information you entered when setting up SSO above and also requires the device to have the forward proxy installed. Please view the guide page to learn more about deploying the forward proxy.

Steps

  1. With the forward proxy installed, admins can navigate to the Microsoft 365 settings page by selecting the Microsoft 365 app on the Policies > App Policies page.
  2. First you must select your app instance and then add the hostnames you wish to allow users to connect to (for example the hostnames used for OneDrive and Sharepoint).




  3. Back on the settings page select Login Control and then check the box to Block login to domains". This will now prevent users with the forward proxy on their device from logging in with non-corporate credentials or logging in to unsanctioned Microsoft 365 domains.