For LastPass business accounts where users are permitted to link personal accounts, it should be possible to define a policy with a list of domains that are not permitted to be stored in the personal account and can only be stored in the business account. Basically, suppose our company uses both example.com and contoso.com as valid email domain/user domain aliases. I would like to define a LastPass policy that does not permit organizational users with linked personal accounts to store an item with username user1@example.com or user2@contoso.com to their linked personal account.

I see that there is already a policy that does something similar to this but has other behavior I don't want to enforce. The policy "Set default account for new sites" does allow administrators to define a list of domains that should be stored in the enterprise account; however, it also forces all other domains to be stored in the personal account. I want to do the opposite, essentially: force all domains listed to be in the enterprise account, but permit other domains not listed to be stored in either account (but not interfering with the functionality from the "Save personal sites to personal vault" policy, if enabled).