Restrict Personal Email Sync on Windows Devices

Let us learn about Restrict Personal Email Sync on Windows Devices. Intune has an out of box option to set up an email profile.

Obtaining control over data privacy is one excellent advantage of turning off sync. Protection yourself from security violations and limit external entities’ access to your private data.

Additionally, inactivating Microsoft Sync helps correct device performance and enhance battery existence.

However, I couldn’t find any out-of-the-box option to restrict personal email sync. So, the only option left is to deploy custom Windows 10 CSP policy to block personal email sync from the business device.

How to Deploy eMail Profile with Intune?

The following steps would help create and deploy an email profile with Intune.

1. Navigate to Azure Portal – Microsoft Intune
2. Device configuration – Profiles – Create a profile
3. Enter a Name and Description for the email profile
4. Choose your Platform from the drop-down list. I selected Windows 10 and Later
5. In the Profile Type drop-down list, choose Email
6. More details are available in the following Microsoft document

Video Tutorial – Restrict Disable Personal Email Sync

The following video is a tutorial of How to create a device configuration profile with a custom CSP Policy.

Create Intune Custom CSP Policy for Windows Devices?

The following steps would help create and deploy custom CSP to restrict personal Email Sync On Windows Devices. Disable Email Sync Corp Device with Intune policies.

1. Navigate to Azure Portal – Microsoft Intune
2. Device configuration – Profiles – Create a profile
3. Enter a Name and Description to restrict a person’s eMail sync or Disable the Email Sync Corp Device
4. Select the platform like Windows 10 or Later
5. Select the profile type as a custom from the drop-down list
6. Click on Settings to configure
7. Select Add – Custom OMA-URI Settings for Windows 10 or later
8. To configure the custom CSP, as I mentioned in the above Video and below section.

Custom OMA-URI Settings – Restrict Personal Email Sync

Intune can deploy a custom CSP policy to restrict person email sync from Windows CYOD devices. The default value is an empty string, which allows all email accounts on the device to sync email.

Otherwise, the string should contain a pipe-separated (|) list of domains that are allowed to sync email on the device.

Disable the Email Sync Corp device, which is managed by Intune. Once the Windows 10 custom CSP is applied on a Windows device, the user will be able to sync the emails from the domains configured in the value field.

• Name – Email Sync Restriction Policy
• Description – Disable Personal Email Sync
• OMA-URI – ./Vendor/MSFT/Policy/Config/Accounts/DomainNamesForEmailSync
• Data Type – String
• Value – HowtoManageDevices.com|AnoopCNair.com

Event Log – Restrict Personal Email Sync

You can confirm whether a custom CSP policy is applied on Windows CYOD devices by checking the event logs. Disable Email Sync Corp Device with Intune policy.

Event Logs:> Microsoft->Windows->DeviceManagement-> Enterprise-Diagnostics-Provider/Admin

MDM PolicyManager: Set policy string, Policy: (DomainNamesForEmailSync), Area: (Accounts), EnrollmentID requesting merge: (0536D04B-985C-452B-9637-D862493F0F61), Current User: (Device), String: (anoopcnair.com|howtomanagedevices.com|xyz.com|abc.com), Enrollment Type: (0x6), Scope: (0x0).

I have explained Windows troubleshooting in the previous post. But the best place to start troubleshooting is event logs.

Resource

• Policy CSP https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-domainnamesforemailsync

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.