This post explains how to restrict the Outlook desktop app for macOS to institutional accounts. Currently, the Intune app protection policy feature is still not available for the macOS platform.
The payload below was created using profile manager. Plenty of other restrictions can be added to it, but this example is targeted at preventing users from using a personal account in the Outlook app.
Change the values below according to your environment.
AllowedEmailDomains = contoso.com
AllowedEmailDomains = Enabled
DisableExport = True
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EditorSettings</key>
<dict>
<key>DisableOptionalKeys</key>
<true/>
<key>DistributionMethod</key>
<string>Any</string>
<key>PayloadContentStyle</key>
<string>Profile</string>
<key>PlatformIOS</key>
<true/>
<key>PlatformMacOS</key>
<true/>
<key>PlatformTvOS</key>
<true/>
<key>ScopeSystem</key>
<true/>
<key>ScopeSystemManaged</key>
<true/>
<key>ScopeUser</key>
<true/>
<key>ScopeUserManaged</key>
<true/>
<key>ShowCustomizedKeys</key>
<true/>
<key>ShowDisabledKeys</key>
<true/>
<key>ShowHiddenKeys</key>
<false/>
<key>ShowSupervisedKeys</key>
<true/>
<key>ShowUserApprovedKeys</key>
<true/>
<key>SignProfile</key>
<false/>
</dict>
<key>PFCConfVersion</key>
<integer>1</integer>
<key>PayloadSettings</key>
<dict>
<key>managedPreferencesApplications</key>
<dict>
<key>com.microsoft.Outlook</key>
<array>
<dict>
<key>AllowedEmailDomains</key>
<array>
<string>azureessentials.in</string>
</array>
<key>EnableNewOutlook</key>
<integer>0</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.281C8D83-EF55-4587-92F6-77130EE9CEA5.com.microsoft.Outlook.C84CB835-5EB2-4F54-92EC-E27F020A4980</string>
<key>PayloadUUID</key>
<string>C84CB835-5EB2-4F54-92EC-E27F020A4980</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>SignInOptions</key>
<integer>2</integer>
</dict>
</array>
</dict>
</dict>
<key>ProfileSettings</key>
<dict>
<key>PayloadDescription</key>
<string>Prevent user from adding personal account.</string>
<key>PayloadDisplayName</key>
<string>Outlook App Restriction</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.281C8D83-EF55-4587-92F6-77130EE9CEA5</string>
<key>PayloadOrganization</key>
<string>AzureEssentails</string>
<key>PayloadScope</key>
<string>user</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>281C8D83-EF55-4587-92F6-77130EE9CEA5</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<key>ViewSettings</key>
<dict>
<key>managedPreferencesApplications</key>
<dict>
<key>com.microsoft.Outlook</key>
<array>
<dict>
<key>AllowedEmailDomains</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<key>AutomaticallyDownloadExternalContent</key>
<dict>
<key>Enabled</key>
<false/>
</dict>
<key>DisableExport</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<key>DisableImport</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<key>EnableNewOutlook</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
<key>SignInOptions</key>
<dict>
<key>Enabled</key>
<true/>
</dict>
</dict>
</array>
</dict>
<key>manifestsApple</key>
<dict>
<key>Configuration</key>
<array>
<dict>
<key>PayloadDescription</key>
<dict>
<key>Enabled</key>
<false/>
</dict>
<key>PayloadOrganization</key>
<dict>
<key>Enabled</key>
<false/>
</dict>
<key>PayloadScope</key>
<dict>
<key>Enabled</key>
<false/>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</plist>
The above profile can be added in Intune under device configuration as a custom profile.
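An added example (not part of the original post): a Python check that parses a profile document with this layout and reports whether the Outlook AllowedEmailDomains value matches the domains you expect. The sample input is a constructed, trimmed copy of the structure above; the names audit and outlook_block are hypothetical, and treating a key that is enabled under ViewSettings but has no value under PayloadSettings as a finding is an assumption about this file layout.

```python
import plistlib

# Constructed sample: a trimmed copy of the structure shown above (not the full file).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadSettings</key><dict><key>managedPreferencesApplications</key><dict>
<key>com.microsoft.Outlook</key><array><dict>
<key>AllowedEmailDomains</key><array><string>azureessentials.in</string></array>
<key>SignInOptions</key><integer>2</integer>
</dict></array></dict></dict>
<key>ViewSettings</key><dict><key>managedPreferencesApplications</key><dict>
<key>com.microsoft.Outlook</key><array><dict>
<key>AllowedEmailDomains</key><dict><key>Enabled</key><true/></dict>
<key>DisableExport</key><dict><key>Enabled</key><true/></dict>
<key>SignInOptions</key><dict><key>Enabled</key><true/></dict>
</dict></array></dict></dict>
</dict></plist>"""

DOMAIN = "com.microsoft.Outlook"
SECTION = "managedPreferencesApplications"
META = {"PayloadEnabled", "PayloadIdentifier", "PayloadUUID", "PayloadVersion"}


def outlook_block(doc, top):
    # First com.microsoft.Outlook dict under PayloadSettings or ViewSettings.
    entries = doc.get(top, {}).get(SECTION, {}).get(DOMAIN, [])
    return entries[0] if entries else {}


def audit(raw, expected_domains):
    """Return (settings, findings) for a profile document given as bytes."""
    doc = plistlib.loads(raw)
    values = outlook_block(doc, "PayloadSettings")
    view = outlook_block(doc, "ViewSettings")
    settings = {k: v for k, v in values.items() if k not in META}
    findings = []
    allowed = {d.lower() for d in settings.get("AllowedEmailDomains", [])}
    expected = {d.lower() for d in expected_domains}
    if not allowed:
        findings.append("AllowedEmailDomains is empty or missing")
    for d in sorted(allowed - expected):
        findings.append(f"unexpected allowed domain: {d}")
    for d in sorted(expected - allowed):
        findings.append(f"expected domain not allowed: {d}")
    # Assumption: a key ticked in ViewSettings should also carry a value.
    for key, state in sorted(view.items()):
        if state.get("Enabled") and key not in settings:
            findings.append(f"{key} is enabled in ViewSettings but has no value")
    return settings, findings
```

Run audit() on the file's bytes with your own domain list before uploading; an empty findings list means the allowed domains match and every enabled key carries a value.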
