Restrict sign in to Teams to accounts in specific tenants

This policy setting allows you to control the accounts that can be used in Teams on managed devices running Windows.

If you enable this policy setting, users will only be allowed to sign in with accounts from Azure Active Directory (Azure AD) tenants that you specify. You can enter a comma separated list of tenant IDs.

The policy setting applies to all ways that the user signs in, including first and additional accounts on versions of Teams that support multiple accounts side by side.

The policy setting is also enforced when users sign out and sign back in.

If you disable or don't configure this policy setting, Teams will continue to allow users to sign in with work or school accounts, or personal Microsoft accounts.

Important: This policy setting only restricts which users can sign in. It does not restrict the ability for users to be invited as a guest in other Azure AD tenants, or switch to tenants they were invited to.

Note: This policy does not apply to Teams web app.

Supported on: At least Windows 7

Tenant IDs:

Registry Pathsoftware\policies\microsoft\office\16.0\teams
Value Namerestrictteamssignintoaccountsfromtenantlist
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)