When you sign-in any Microsoft Application like Microsoft Teams, Microsoft Outlook, Microsoft Excel etc for the first time in any PC. You will get the below pop-up after type your username and credential.
When you just click OK with selecting Allow my organization to manage my device. Your credential will be stored in the PC which means you can open all the Microsoft Application without giving your username and credential.
This will be a problem because when you open any Microsoft outlook or Microsoft Teams, it will be opened up automatically with that user credential. This will give access to all the confidential information related to that particular user.
This features is very beneficial but what if you have a common PC in the meeting room where you don’t want to store your users credential.
When this pop-up shows up all the user will just click OK without reading the instruction even how much you educate your users.
You cannot depend on your users every times even some follow the rules some will don’t.
When you or any of user accessing the common PCs educate them to Click No, sign in to this app only. This will prevent storing your work or school accounts in the PC.
But you know your users the will forgot all the times. But unfortunately, there is no directly solution available for the system administrator to control this behavior in the office 365 admin center or Microsoft admin center.
There is a uservoice requesting for Microsoft Teams to stop this behavior Please Stop: “Allow my organization to manage my device”. For now you can vote this request so that Microsoft can consider this option to Disable allow my organization to manage my device.
Workaround to Prevent Allow My Organization to Manage My Device using Registry Editor
Likely, you can create one Registry key to prevent this popup from showing when user login in for the first time in new devices.
Step 1: Open Registry Editor
Press Window key button on your keyboard and type registry on the search
Step 2: Navigate to the below location in the registry editor
On the registry editor navigate to this location:
Step 3: Create new Registry Key
Here we have to create a new registry key.
Right click , select New and click DWORD (32-bit) Value
Type Registry Vault Name as = BlockAADWorkplaceJoin
Right click the Registry Key “BlockAADWOrkplaceJoin” and select modify and type value data as 00000001.
That’s it. You have successfully created the registry key to disable Allow My Organization to Manage my Device issue.
Now clear your credential from the PC and try to login again, this time your PC will not show the popup again.
How to Prevent Allow My Organization to Manage My Device using Group Policy
If you have multiple device which need to be configured on. Then the best way is to use the Group Policy option to create the above registry on multiple computer and control it centrally.
Group Policy Management Editor allow us to create a new registry key, or delete, or replace, or update. This can be applied to multiple computer at once. So, that you can centrally control the behaviors.
Step 1: Login to your domain server
Now login to your Domain control, search and open Group Policy Management.
Step 2: Create new or locate to the existing Group Policy
Either create a new Group Policy or open the existing Group Policy in order to create the registry key.
- Expand Computer Configuration/Preference
- Select Registry
- Right Click and Select New
- Click registry Item
In the New Registry Properties configure as below:
- Select Action as Create
- Select Hive as HKEY_LOCAL_MACHINE
- Define Key Path as SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin
- Define Value Name as BlockAADWorkplaceJoin
- Define Value type as REG_DWORD
- Define Value data as 00000001
That’s it. You can now you have create the registry key successfully to prevent allow my organization to manage my device.
How to Remove your Work or School Accounts from the PC
If you wrongly pressed the button Allow my organization to manage my device. Your credential will be store in that PC and the device now managed my your Organization policies.
To configure if your device is already linked to your Organization follow the below steps:
- Open the Setting App by pressing the Windows Key on your Keyboard
- Go to Accounts\Access work or school
In the right side of the screen you will be able to locate the account which use used to sign in the device.
- If your work account is listed here, then select your account and click Disconnect.
Now you have successfully disconnect this device being managed by your organization.