With a new permission setting in the back-office (previous interface) you can deny end-users access to the back-office/management interface.

Be careful with this setting, since you can lock yourselves out.

You could add this permission to the role member. But first make sure the administrators group and individuals in the group do not have member role assigned.

This way you would exclude end-users to sign-in to the now called management interface.