 So Mohammed says, hello guys, how can I implement a security policy for Microsoft 365 to stop syncing passwords with Gmail accounts for all employees? So there is a setting underneath settings in the admin panel for the org about syncing with what they're called. Personally sensitive information. Yeah, but there's another one and it might be why it's doing it. Let me, I'm going to pull it up real quick. I can't think of the name of it, but give me one sec here. So under security and privacy, I'm going to set it. Account linking. So allow the users to connect their Azure AD and MSA accounts. Could be called depending on what they're doing. I don't know, but that might be part of it. If they use Bing, but that's only associated to Bing, right? So I don't know. I need a little more information, but that could potentially be part of their root calls. Because FYI, it's turned on by default in every new tenant. So coming from- I also have more questions on it because are we talking the Gmail, the M365 syncing to Gmail accounts. Are we talking also about to there through a browser and is it Edge, and can you do something with your Edge and some of the settings? Is it like there's a lot of things are we talking yet? There's a lot of other component tree that could be going on. We're talking Gmail potentially more than we're talking M365 as well. So actually that is a good, that's your right on because in the profile preferences of like Edge, you can go to the settings and do the automatic profile settings and because that's the identity control, right? That's probably why they're syncing. So you can go out, it's going to be a browser tweak though. Yeah. But that's the user level. Is there anything you can do from a policy security policy level to corporate level? Not if they've already cast it in their browser and the changes there. Unless what you technically at org policy could be sent out. Right. Like a group policy? Yeah. Yeah. So you'd be able to control the app via group policy. We don't know if it's Edge or if it's Chrome or if it's Firefox or whatever. Yeah. What are they using? Yeah. Yeah. So I mean, that's all going to be a policy based on the org or the domain. And it's just going to take away the ability for those to sync between because they introduced that capability. When you install Firefox now it comes up and says, do you want to sync your bookmarks and settings with, and then you can select Chrome. You can select Edge, whatever. So that's something. The question I want to take a little further though is, you're just talking about the browser sharing passwords. What about your employees when they install things like one password? Wait, last pass. Although that was exactly my point. You'd have to also then block access to those domains for those services. Yeah. I am wondering if there's a way you could set a conditional access policy to not prompt to sync. But I don't know if that would work or not. But yeah. I feel like it's going to be more from a policy setting or policy. I think it's more from a governance company policy is what your users are doing with their passwords. Because unless you're going to stop the ability for them to cache passwords, not only in their browser, but also stop them from being able to cache it in a password manager, you're not really solving any problem. You're just kicking one can down the road because it's still going to be an issue. So is the answer to that to require as a company policy to use Authenticator? Well, they use some method that you're okay with, right? Because I mean, every company is going to be different on what they're okay with from a security standpoint. Maybe they don't even have a security team. Maybe this company they work for is just kind of the admins just making it up as they go along. But maybe they have full governance and the audit team has to get involved and the security team has to be involved and all these other legal and everyone else in order to create this policy. Who knows? So you do have some options under conditional access policy to block some browser authentications. And it's something you'd have to play with. You'd have to get like, first it's got to be based off your governance, whatever that says, right? And then pushing it out. I mean, I feel like between a couple of different scenarios between a group policy, conditional access, you could probably get it to a point. I don't, but those are things to try definitely. Definitely things to try. Cause definitely I can turn off. I can say on, for authenticating to another browser and syncing, I can turn that off through a conditional access policy it looks like.