At a recent Office 365 overview presentation I was asked if there was a way to disable the connected accounts feature of Exchange Online. Connected accounts enables a user to link other email accounts into their Exchange Online inbox so they can view and manage all of their email from a single location. This can be a very useful feature but in some organizations the administrators may wish to avoid having other email (including from personal email accounts) from being mixed with official business email.
Exchange Online enables an organization’s administrator to create custom user role policies which can limit what features a person can use. A Default Role Assignment Policy is created upon the provisioning of Exchange Online. This policy enables all roles for a user and is the default policy assigned when you initially create new users. To remove the ability to create connected accounts a new user role policy will need to be created.
- Log into the Office 365 portal using an account that has permissions to manage the Exchange Online settings.
- Go to the Roles & Auditing section and choose the User Roles option.
- Click on the New button and fill out the required policy name field. You may also provide a description for your new policy.
- Place check marks next to each of the roles you wish to enable for this policy. To disable the connected accounts feature make sure you do not check the MyMailSubscription role.
- Click on the Save button to save the new role assignment policy.
Now that you have a new policy it is time to assign it to a user:
- In the Exchange Online admin portal, choose the User & Groups menu option. You should now see a list of user mailboxes.
- Select the user that you wish to modify and then click the details button.
- Expand the Mailbox Settings group and select the new role assignment policy you just created.
- Click on the Save button to update the user’s settings. The user now is unable to add connected email accounts.
To verify that the policy is working as expected you will need to have the user log into the Outlook Web App and check their options. In the options section with the account menu selected the user should see My Account and Connected Accounts.
When the user clicks on Connect Accounts they should now only see the ability to forward their email to another address.
If the MyMailSubscription role is not disabled the user will see the ability to configure the connected accounts along with setting up email forwarding.