My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms. Is this something many companies do?
I would argue for basing your decision on "need to have". Some of these questions might help you:
- Does your business need your colleagues to access personal/web email (third-party email)? If the role does not require such access, by all means turn it off. Many companies in professional services do that. The Philippines, China, India and LATAM are generally the geographies where I reckon such a block happens more.
- Is the company's culture such that it encourages, or has traditionally allowed, such access? Then managing this change (the block) should be planned and communicated very well.
- YES, phishing attacks do happen on email platforms, but what if you allow webmail using technologies like browser isolation, where the emails open only in a "container", or limit any upload/download using URL filters?
- You can also consider role-based opening (for example for recruitment or your communications team) and block it for all general users.
I would recommend raising awareness of phishing a notch higher, as you also want to protect people from phishing irrespective of their machine, and then that becomes a habit. Help them to help you. Almost akin to the wisdom quote "Give a man a fish, and he will be hungry again tomorrow; teach him to catch a fish, and he will be richer all his life."
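As an added illustration of the "URL filter plus role-based exception" approach mentioned in the answer above (this is example configuration written for this page, not something the poster or any vendor supplied), here is how the policy could be expressed as Squid proxy ACLs. The webmail domain list, the `/etc/squid/webmail_roles.txt` source-address file and the role names are assumptions for the example; adjust them to your environment.

```conf
# Example Squid ACLs for controlling personal webmail (added example, not from the original post).

# Webmail destinations to control. Constructed list; extend it for your environment.
acl webmail dstdomain .gmail.com .mail.google.com .outlook.live.com .mail.yahoo.com

# Workstations of the roles that genuinely need webmail (e.g. recruitment, communications).
# Hypothetical file containing one IP address or CIDR range per line.
acl webmail_roles src "/etc/squid/webmail_roles.txt"

# Requests that carry data out of the organisation (attachment uploads, drafts with files).
acl upload method POST PUT

# Order matters: Squid stops at the first matching http_access line.
# 1. General users get no webmail at all.
http_access deny webmail !webmail_roles
# 2. Exempted roles may read mail but may not upload (limits data leakage via personal accounts).
http_access deny webmail upload
# 3. Everything else to webmail from the exempted roles is permitted.
http_access allow webmail
```

Caveat for practitioners: the `dstdomain` rule works on plain CONNECT requests because the hostname is visible, so the "deny for general users" line holds even for HTTPS. The `method POST PUT` rule does not: without TLS interception (`ssl_bump`) Squid only sees the CONNECT tunnel and cannot tell an upload from a page load, so the upload block is only meaningful once the proxy decrypts that traffic, with the privacy and certificate-deployment consequences that brings.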
Yes.
But there are still plenty of phishing and spear phishing attempts that will come through regular corporate email accounts.
We don't believe in being this restrictive and believe it creates a different problem where the employee starts to blur the lines between business and personal emails since they don't have access to their personal emails.
The only place I see this necessary is with environments with highly sensitive data.
We haven't done it, nor are there any plans to do so. My experience is that locking people down leads to more "workarounds" and efforts to subvert what you're trying to accomplish. It also creates a cultural message that you may not want. In high-security or government functions I can see it, but I would be opposed to it. Rather, I would focus on training, protection tools, etc.
Yes. Completely agree with your analyst; it may lead to data leaks as well.