Microsoft

Microsoft Endpoint Manager Intune Feedback

Jeremy B

My feedback

  1. 62 votes
    4 comments  ·  Ideas » Apps config and deployment
    Jeremy B commented  · 

    For Android Enterprise - Work profile

    I hope this helps anyone in the interim period. You can get both functionalities, sort of, using a workaround solution. Don't use the Work accounts only mode option. Instead, use the Configuration Key "com.microsoft.intune.mam.AllowedAccountUPNs" and include an array of UPNs. See my linked image for exactly what I mean. The screenshot shows "Allowed Accounts" but that is just a cosmetic thing the Intune portal does. It's the key mentioned above that is actually there.

    https://i.imgur.com/daY5nWO.png

    It's not perfect, and it would never scale to cover many users with different requirements. But it does let me restrict to just work accounts, and lets me add Shared mailboxes. If I try to add another account that isn't in the list, it lets me get all the way to and including entering username and password for the account, but before it finalizes, I get the pop-up prompt "Managed Device: Your device is managed by your organization, only a work account can be added. The following accounts will be removed: <email address I just tried to add>"

    Source docs article with the configuration key: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#organization-allowed-accounts-mode-settings-1

    PS. This also works when the user's mailbox is on-premises, minus the Shared mailbox part of course. It stays working through a mailbox migration, at which point the account type switches from "Exchange (Hybrid)" (in my case with HMA setup), to "Office 365". After the migration, I get the Shared mailbox option and it works great, and so does the restricted list of accounts.

    Jeremy B supported this idea  · 
  2. 1,583 votes
    89 comments  ·  Ideas » App protection policies (APP/MAM)

    Confirmed that it is currently by design that conditional access allows only one identity per device at this time. We hear that you need this and we’re looking into it. I’ve changed the title and category to indicate that this is related to conditional access.

    Again, this is just for multiple identities from the same company. If you’re looking for having one device with identities from two different companies for MDM, that idea is here:
    https://microsoftintune.uservoice.com/forums/291681/suggestions/31313071
    And if you’re looking for having multiple identities for MAM, that idea is here: https://microsoftintune.uservoice.com/forums/291681/suggestions/34627435

    Jeremy B commented  · 

    Well, I guess we'll just forget about this. UserVoice has the problem of interpretation, misunderstanding, and sometimes just individual choice to deny feature requests. Somebody's got to open a new one and hope for the best.

    Jeremy B supported this idea  · 
