How to block the 'Add Account' option in Microsoft Edge using GPOs

Question

Currently working on our group policy for switching over from Chrome to Microsoft Edge to better utilize some of the O365 features with profile syncing. Have most of what I need setup but it has been requested to block signing in to additional accounts outside of a user's work account. As you can see in the screenshot, the work O365 accounts are forced to sign in and automatically syncing:

I am trying to determine a way to now block the Add Account option that you see highlighted. Have tried a few policies and would prefer to not have to push registry settings either. Anyone have any clue which GPO's need to be applied to block the use of additional accounts?

Answer 1

Hello

To block the “Add Account” option in Microsoft Edge using Group Policy Objects (GPOs), follow these steps:

Download and Install the Microsoft Edge Administrative Template:

This template adds rules and settings for Microsoft Edge to the group policy Central Store in your Active Directory domain.

Alternatively, you can add these rules and settings to the Policy Definition template folder on individual computers and then configure specific policies.

To block the “Add Account” option in Microsoft Edge using Group Policy Objects (GPOs), you have a couple of options:

Software Restriction Policies (SRP):

You can use SRP to block the execution of Microsoft Edge. However, it’s important to note that Edge is tightly integrated into the OS, so completely blocking it might be challenging.

Try creating an SRP rule that disallows launching C:\Windows\SystemApps\Microsoft.MicrosoftEdge*. Apply this rule to both computer and user accounts.

Make sure the updated GPO is applied to the machine after making changes.

Group Policy Management Editor (GPMC):

Open the GPMC and navigate to Administrative Templates > Microsoft Edge > Extensions.

Select Configure extension management settings.

Enable the policy and specify the permissions you want (allowed or blocked) using a JSON string that gets compressed.

[Use group policies to manage Microsoft Edge extensions | Microsoft Learn](https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-manage-extensions-policies&data=05%7C02%7Cwesleyl%40wicresoft.com%7C85b7d9188ef54e1a179708dc84b1afd2%7Cb2ae8dd9097749768706861b488b1512%7C0%7C0%7C638531145939651091%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=10oq31m5LwvCRKXUMin%2BCpdKr15HRwF33%2BUOy0L%2FEV0%3D&reserved=0"原始 URL: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-manage-extensions-policies。如果你信任此链接, 请单击或点击。")

Accounts: Block Microsoft accounts:

In the Local Group Policy Editor, go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

Enable the policy named “Accounts: Block Microsoft accounts” to prevent users from adding Microsoft accounts.

[gpedit - "Accounts: Block Microsoft accounts" - Users can't add or log - Microsoft Community](https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fwindows%2Fforum%2Fall%2Fgpedit-accounts-block-microsoft-accounts-users%2Ff4a2b3e2-eb55-4af4-b469-592c69a02841&data=05%7C02%7Cwesleyl%40wicresoft.com%7C85b7d9188ef54e1a179708dc84b1afd2%7Cb2ae8dd9097749768706861b488b1512%7C0%7C0%7C638531145939661662%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=MSxMEQkrBc%2FwApT8er744ZH0qT9%2Br0O5wuVpErUHeDo%3D&reserved=0"原始 URL: https://answers.microsoft.com/en-us/windows/forum/all/gpedit-accounts-block-microsoft-accounts-users/f4a2b3e2-eb55-4af4-b469-592c69a02841。如果你信任此链接, 请单击或点击。")

Test these policies thoroughly in your environment to ensure they achieve the desired results.

Answer 2

Update the admx templates for Edge.

Under the policy, Computer Configuration - Admin templates - Microsoft Edge - Identity and sign-in
There is a new policy setting.

Enable the linked account feature - set that to disable .
Run a gpupdate /force on affected machine. Relaunch edge and the option to Add account - Linked account will be gone.