Let us learn how to restrict personal email sync on Windows devices. Intune has an out-of-the-box option to set up an email profile.
Gaining control over data privacy is one excellent advantage of turning off sync. It protects you from security violations and limits external entities’ access to your private data.
Additionally, turning off Microsoft sync helps improve device performance and battery life.
However, I couldn’t find any out-of-the-box option to restrict personal email sync. So, the only option left is to deploy a custom Windows 10 CSP policy to block personal email sync from the business device.
How to Deploy an Email Profile with Intune?
The following steps would help create and deploy an email profile with Intune.
- Navigate to Azure Portal – Microsoft Intune
- Device configuration – Profiles – Create a profile
- Enter a Name and Description for the email profile
- Choose your Platform from the drop-down list. I selected Windows 10 and Later
- In the Profile Type drop-down list, choose Email
- More details are available in the following Microsoft document
Video Tutorial – Restrict Disable Personal Email Sync
The following video is a tutorial on how to create a device configuration profile with a custom CSP policy.
Create Intune Custom CSP Policy for Windows Devices?
The following steps create and deploy a custom CSP policy to restrict personal email sync on corporate Windows devices managed by Intune.
- Navigate to Azure Portal – Microsoft Intune
- Device configuration – Profiles – Create a profile
- Enter a Name and Description for the policy that restricts personal email sync on the corporate device
- Select the platform, such as Windows 10 or Later
- Select Custom as the profile type from the drop-down list
- Click on Settings to configure
- Select Add – Custom OMA-URI Settings for Windows 10 or later
- Configure the custom CSP as I mentioned in the video above and in the section below.
Custom OMA-URI Settings – Restrict Personal Email Sync
Intune can deploy a custom CSP policy to restrict personal email sync on Windows CYOD devices. The default value is an empty string, which allows all email accounts on the device to sync email.
Otherwise, the string should contain a pipe-separated (|) list of domains that are allowed to sync email on the device.
Once the Windows 10 custom CSP is applied on a Windows device managed by Intune, the user will be able to sync email only from the domains configured in the Value field.
- Name – Email Sync Restriction Policy
- Description – Disable Personal Email Sync
- OMA-URI – ./Vendor/MSFT/Policy/Config/Accounts/DomainNamesForEmailSync
- Data Type – String
- Value – HowtoManageDevices.com|AnoopCNair.com
Event Log – Restrict Personal Email Sync
You can confirm whether the custom CSP policy is applied on Windows CYOD devices by checking the event logs.
Event Logs: Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin
MDM PolicyManager: Set policy string, Policy: (DomainNamesForEmailSync), Area: (Accounts), EnrollmentID requesting merge: (0536D04B-985C-452B-9637-D862493F0F61), Current User: (Device), String: (anoopcnair.com|howtomanagedevices.com|xyz.com|abc.com), Enrollment Type: (0x6), Scope: (0x0).
I have explained Windows troubleshooting in the previous post. But the best place to start troubleshooting is event logs.
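To turn the event log check above into a repeatable test, the following added example (not code from the original post) parses the "Set policy string" event text and compares the applied domain list with the list you intended to deploy. The function names `Get-EmailSyncPolicyDomains` and `Compare-EmailSyncPolicy` are hypothetical; the sample event text and the expected domains are the ones shown in this post.

```powershell
# Added example. Function names are hypothetical, not part of Intune or Windows.
function Get-EmailSyncPolicyDomains {
    param([string]$Message)
    # Field layout taken from the event text shown in this post.
    $pattern = 'Policy: \(DomainNamesForEmailSync\), Area: \(Accounts\).*?String: \((?<list>[^)]*)\)'
    if ($Message -match $pattern) {
        # Domains are pipe-separated; normalise case and drop empty entries.
        $items = @($Matches['list'].Split('|') |
            ForEach-Object { $_.Trim().ToLowerInvariant() } |
            Where-Object { $_ })
        return ,$items
    }
    return $null   # not a DomainNamesForEmailSync event
}

function Compare-EmailSyncPolicy {
    param([string]$Message, [string[]]$Expected)
    $applied = Get-EmailSyncPolicyDomains -Message $Message
    if ($null -eq $applied) { return $null }
    $want = @($Expected | ForEach-Object { $_.Trim().ToLowerInvariant() })
    [pscustomobject]@{
        Applied    = $applied
        # An empty string is the default and lets every account sync.
        AllowsAll  = ($applied.Count -eq 0)
        # Domains allowed on the device that you did not intend to allow.
        Unexpected = @($applied | Where-Object { $_ -notin $want })
        # Domains you intended to allow that the device did not receive.
        Missing    = @($want | Where-Object { $_ -notin $applied })
    }
}

# Event text copied from the Event Log section of this post.
$sample = 'MDM PolicyManager: Set policy string, Policy: (DomainNamesForEmailSync), Area: (Accounts), EnrollmentID requesting merge: (0536D04B-985C-452B-9637-D862493F0F61), Current User: (Device), String: (anoopcnair.com|howtomanagedevices.com|xyz.com|abc.com), Enrollment Type: (0x6), Scope: (0x0).'
$expected = 'HowtoManageDevices.com', 'AnoopCNair.com'
Compare-EmailSyncPolicy -Message $sample -Expected $expected

# On a managed device, check the newest matching event instead of the sample:
# Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' |
#     Where-Object { $_.Message -like '*DomainNamesForEmailSync*' } |
#     Select-Object -First 1 |
#     ForEach-Object { Compare-EmailSyncPolicy -Message $_.Message -Expected $expected }
```

A non-empty `Unexpected` list or `AllowsAll = True` means the device accepts sync from domains outside the intended allow-list, so the profile assignment or value should be rechecked.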
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
This post is really helpful. One point I am not clear on: Does this prevent/restrict synchronizing non-corporate email accounts in Outlook or does this only regulate the Windows mail client?
Thanks for the post.
This ain't working
No, it's not working
Not working