Modern Workplace Brewer, MVP & MCT

Just a quick, short blog post this time. It's about how you can restrict Microsoft Edge so that only one of your company's accounts can sign in to sync, and no other accounts, during the Sync opt-in window.

The advantage, at least that's what I think, is that you can create multiple profiles in Microsoft Edge and then you can turn on the sync, so that you keep the same settings everywhere you log in, in Microsoft Edge.

But alas.... there are also companies that think you should only sync in Microsoft Edge with your work account. And no other accounts. 😒 This wish came from the organization where I am now, and I found out that it is possible with the following policy "RestrictSigninToPattern".

In this blog post I will show you how you can set that up in Microsoft Endpoint Manager. 👇

  1. Go to the Endpoint Manager portal
  2. Go to Devices -> Windows and click on Configuration profiles
  3. Select the Create profile button
  4. In the Platform dropdown, select Windows 10 and later
  5. In the Profile type dropdown, select Settings catalog (preview)
  6. Select the Create button
  7. Give the policy a name, and click on Next
  8. Select the + Add settings button
  9. On the right side, in the Settings picker, type RestrictSigninToPattern in the search field
  10. Select the Microsoft Edge button
  11. Check the device or the user setting, whichever suits your environment. I will go for the device setting
  12. Then you can Enable the setting, through the Restrict which accounts can be used as Microsoft Edge primary accounts "switch"
  13. In the Restrict which accounts can be used as Microsoft Edge primary accounts (Device) field, you need to type the preferred UPN, in the following pattern .*@theorange.cat
  14. Select the Next button
  15. Assign it to a group
  16. Select the Next button
  17. On the Review + create tab, select the Create button
Figure 01 - Restrict which accounts can be used as primary accounts
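
To check on a device that the value from step 13 arrived and which account names it accepts, here is an added example (not part of the original post). It assumes the device-scope setting lands in the standard Edge policy registry key, that Edge matches the whole account name case-insensitively, and that .NET regex behaves like Edge's engine for a pattern this simple; the `Test-SigninPattern` helper and the sample UPNs are constructed for illustration.

```powershell
# Added example: read the delivered policy value and test sample UPNs against it.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'   # assumed device-scope location
$valueName = 'RestrictSigninToPattern'

function Test-SigninPattern {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [Parameter(Mandatory)][string]$Upn
    )
    # Assumption: the whole account name must match, ignoring case,
    # so the pattern is anchored at both ends before testing.
    $anchored = '\A(?:' + $Pattern + ')\z'
    $options  = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    return [regex]::IsMatch($Upn, $anchored, $options)
}

# Read what the policy wrote; fall back to the post's pattern when run elsewhere.
$pattern = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if (-not $pattern) {
    Write-Warning "$valueName not found under $policyKey; using the pattern from the post."
    $pattern = '.*@theorange.cat'
}

# Same pattern with the dot escaped, so it only matches a literal "."
$escaped = '.*@theorange\.cat'

# Constructed sample account names.
$samples = @(
    'jeroen@theorange.cat',          # work account
    'JEROEN@THEORANGE.CAT',          # same account, different case
    'someone@outlook.com',           # personal account
    'someone@theorangexcat',         # differs only where the pattern has "."
    'someone@theorange.cat.example'  # work domain used as a prefix
)

$samples | ForEach-Object {
    [pscustomobject]@{
        Upn             = $_
        DeployedPattern = Test-SigninPattern -Pattern $pattern -Upn $_
        EscapedPattern  = Test-SigninPattern -Pattern $escaped -Upn $_
    }
} | Format-Table -AutoSize
```

With the pattern from the post, the fourth sample is accepted because an unescaped `.` matches any character; the escaped variant rejects it. The value Edge actually applied can also be checked on the edge://policy page.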

The End result

After your device picked up the new policy setting, you will notice that it is impossible to add a different UPN to the Microsoft Edge browser, as you can see on the recording below.

That's it for today. Happy reading and until next time.
