Let us learn how to restrict personal email sync on Windows devices. Intune has an out-of-the-box option to set up an email profile.
However, I couldn’t find any out-of-the-box option to restrict personal email sync. So the only option left is to deploy a custom Windows 10 CSP policy to block personal email sync from the business device.
How to Deploy an Email Profile with Intune
The following steps would help create and deploy an email profile with Intune.
- Navigate to Azure Portal – Microsoft Intune
- Device configuration – Profiles – Create a profile
- Enter a Name and Description for the email profile
- Choose your Platform from the drop-down list. I selected Windows 10 and Later
- In the Profile Type drop-down list, choose Email
- More details are available in the following Microsoft document
Video Tutorial – Restrict Disable Personal Email Sync
Create an Intune Custom CSP Policy for Windows Devices
The following steps would help create and deploy a custom CSP to restrict personal email sync on Windows devices, that is, to disable personal email sync on a corporate device with Intune policies.
- Navigate to Azure Portal – Microsoft Intune
- Device configuration – Profiles – Create a profile
- Enter a Name and Description for the policy that restricts personal email sync on the corporate device
- Select the platform, for example Windows 10 or Later
- Select Custom as the profile type from the drop-down list
- Click on Settings to configure
- Select Add – Custom OMA-URI Settings for Windows 10 or later
- Configure the custom CSP as I mentioned in the video above and in the section below.
Custom OMA-URI Settings – Restrict Personal Email Sync
Intune can deploy a custom CSP policy to restrict personal email sync from Windows CYOD devices. The default value is an empty string, which allows all email accounts on the device to sync email.
Otherwise, the string should contain a pipe-separated (|) list of domains that are allowed to sync email on the device.
Once the Windows 10 custom CSP is applied to a Windows device managed by Intune, the user will be able to sync email only from the domains configured in the Value field.
- Name – Email Sync Restriction Policy
- Description – Disable Personal Email Sync
- OMA-URI – ./Vendor/MSFT/Policy/Config/Accounts/DomainNamesForEmailSync
- Data Type – String
- Value – HowtoManageDevices.com|AnoopCNair.com
Event Log – Restrict Personal Email Sync
You can confirm whether the custom CSP policy is applied on Windows CYOD devices by checking the event logs.
Event Logs: Microsoft -> Windows -> DeviceManagement-Enterprise-Diagnostics-Provider -> Admin
MDM PolicyManager: Set policy string, Policy: (DomainNamesForEmailSync), Area: (Accounts), EnrollmentID requesting merge: (0536D04B-985C-452B-9637-D862493F0F61), Current User: (Device), String: (anoopcnair.com|howtomanagedevices.com|xyz.com|abc.com), Enrollment Type: (0x6), Scope: (0x0).
I have explained Windows troubleshooting in the previous post. But the best place to start troubleshooting is event logs.
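The event-log check described above can be scripted. The following PowerShell is an added example, not code from the original post: it parses the String field of the DomainNamesForEmailSync event and compares it with an expected allowlist. The function name Compare-EmailSyncPolicy and the $ExpectedDomains list are assumptions, and the sample message is the event text quoted above with the enrollment ID replaced by a placeholder.

```powershell
# Added example, not from the original post. $ExpectedDomains is an assumed
# allowlist copied from the Value field above; replace it with your own.
$ExpectedDomains = 'howtomanagedevices.com', 'anoopcnair.com'
$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

function Compare-EmailSyncPolicy {   # hypothetical helper name
    param([string]$Message, [string[]]$Allowlist)
    # Pull the String: (...) field out of a DomainNamesForEmailSync message.
    $pattern = '(?s)Policy: \(DomainNamesForEmailSync\).*?String: \(([^)]*)\)'
    if (-not ($Message -match $pattern)) {
        return [pscustomobject]@{ Status = 'NotAPolicyEvent'; Applied = @(); Unexpected = @(); Missing = @() }
    }
    # The value is pipe-separated; normalise case and drop empty entries.
    $applied = @($Matches[1] -split '\|' | ForEach-Object { $_.Trim().ToLowerInvariant() } | Where-Object { $_ })
    $wanted  = @($Allowlist | ForEach-Object { $_.Trim().ToLowerInvariant() })
    $unexpected = @($applied | Where-Object { $_ -notin $wanted })
    $missing    = @($wanted  | Where-Object { $_ -notin $applied })
    if ($applied.Count -eq 0) {
        $status = 'EmptyAllowsAllAccounts'   # empty string is the default: every account may sync
    } elseif ($unexpected.Count -gt 0 -or $missing.Count -gt 0) {
        $status = 'Drift'
    } else {
        $status = 'Match'
    }
    [pscustomobject]@{ Status = $status; Applied = $applied; Unexpected = $unexpected; Missing = $missing }
}

# Offline check against the event text quoted above (enrollment ID replaced by a placeholder).
$sample = 'MDM PolicyManager: Set policy string, Policy: (DomainNamesForEmailSync), Area: (Accounts), ' +
          'EnrollmentID requesting merge: (<enrollment-id>), Current User: (Device), ' +
          'String: (anoopcnair.com|howtomanagedevices.com|xyz.com|abc.com), Enrollment Type: (0x6), Scope: (0x0).'
Compare-EmailSyncPolicy -Message $sample -Allowlist $ExpectedDomains

# Live check on a managed device: Get-WinEvent returns the newest events first.
$latest = Get-WinEvent -LogName $LogName -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Policy: \(DomainNamesForEmailSync\)' } |
    Select-Object -First 1
if ($latest) {
    Compare-EmailSyncPolicy -Message $latest.Message -Allowlist $ExpectedDomains |
        Select-Object @{ n = 'TimeCreated'; e = { $latest.TimeCreated } }, Status, Applied, Unexpected, Missing
} else {
    Write-Warning "No DomainNamesForEmailSync event found in $LogName"
}
```

Reading this log may require an elevated PowerShell session. The Unexpected column lists domains the device accepted that are not in your allowlist, and an EmptyAllowsAllAccounts status means the policy is at its default and no restriction is in effect.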
This post is really helpful. One point I am not clear on: Does this prevent/restrict synchronizing non-corporate email accounts in Outlook or does this only regulate the Windows mail client?
Thanks for the post.
This ain't working