2,095 questions
The feature that you are trying is not supported at the moment and is design limitation. Only one work account allowed is allowed to use on intune managed device.
Thanks,
eswar
www.eskonr.com
Outlook Managed App restriction on Intune (MAM)
Dilan Nanayakkara
1,111
Reputation points
Hi All,
I have created a MAM policy on Intune and applied two different users, but literally one person is using the both email addresses on his mobile phone(iOS). However, when he tries to add second user account, it will display the below error message.
appreciate the help!
PS: if this is the limitation of MAM policy in Intune, Can we do the same restriction by enrolling the mobile device to the Intune. essentially, we want to block copy paste from outlook to third-party apps like WhatApps, Messenger etc. this is the iOS device and if we want to enroll with Intune, we could go ahead with BYOD-Device Enrollment option in Intune.
Thanks,
Dilan
Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Application management
1,013 questions
Microsoft Security | Intune | Enrollment
1,508 questions
Microsoft Security | Intune | Other
5,571 questions
Accepted answer
-
ESWARARAJU KONETI 2,206 Reputation points MVP Volunteer Moderator2022-05-12T14:00:44.493+00:00 -
Dilan Nanayakkara 1,111 Reputation points
2022-05-12T16:28:08.763+00:00 @ESWARARAJU KONETI Thank you very much for the reply. appreciate if you can help with below concerns.
Our ultimate goal is to restrict copy-paste activities between work and personal applications.
- as per understanding, when we enroll the device without App protection policy, we can add multiple accounts right?
- so when it comes to Android, by default unable to share data between Work and personal profile and this shouldn't be the problem as long as we can add multiple accounts on personal owned work profile enrollment. Is this correct?
- so when it comes to iOS devices, if we choose BYOD-Device enrollment without app protection policies, again we can add multiple accounts right? in this case our challenge is to block copy-paste activates and I saw a settings "Allow copy/paste to be affected by managed open-in" under iOS device restrictions policy, Can we use this settings to block the copy-paste activities?
Thanks,
Dilan
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Crystal-MSFT 53,991 Reputation points Microsoft External Staff2022-05-13T03:51:08.013+00:00 @Dilan Nanayakkara , For your question, here are my answers for the reference:
Q1: as per understanding, when we enroll the device without App protection policy, we can add multiple accounts right?
A1: Yes, you can.Q2: so when it comes to Android, by default unable to share data between Work and personal profile and this shouldn't be the problem as long as we can add multiple accounts on personal owned work profile enrollment. Is this correct?
A2: Yes, By default, the Andrid OS might prevent users from sharing data in the work profile with the personal profile. Data in the personal profile can be shared in the work profile. And not the entire device is managed. Management capabilities only affect the work profile that is created on the device during enrollment. All Android apps and data outside the Android enterprise portion of the device remain personal and under the control of the end user.
https://learn.microsoft.com/en-us/mem/intune/enrollment/android-enterprise-overview#work-profile-management
For the best experience, always sign in to work apps with your work account, and sign in to personal apps with your personal account. Here is a link with more details for the reference:
https://learn.microsoft.com/en-us/mem/intune/user-help/what-happens-when-you-create-a-work-profile-androidQ3: so when it comes to iOS devices, if we choose BYOD-Device enrollment without app protection policies, again we can add multiple accounts right? in this case our challenge is to block copy-paste activates and I saw a settings "Allow copy/paste to be affected by managed open-in" under iOS device restrictions policy, Can we use this settings to block the copy-paste activities?
A3: Yes, for BYOD without app protection policy, in outlook, we can still add multiple work accounts. For the setting "Allow copy/paste to be affected by managed open-in", when I set it as yes and also set "Block viewing corporate documents in unmanaged apps" with yes, deploy outlook via Intune, then the copy paste from outlook to other unmanaged app, the action will be blocked.
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios#settings-apply-to-all-enrollment-typesHope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.-
Dilan Nanayakkara 1,111 Reputation points
2022-05-13T14:51:41.307+00:00 @ESWARARAJU KONETI Thank you very much for your extended support.
I have tested the scenario (Q3 and A3), but when I applied the configuration settings "Allow copy/paste to be affected by managed open-in" appeared as not applicable. I have tried both "Block viewing corporate documents in unmanaged apps" and "Block viewing non-corporate documents in corporate apps" and also with only "Block viewing corporate documents in unmanaged apps". the status for "Allow copy/paste to be affected by managed open-in" is not applicable in both cases.
further, I have deployed outlook from Intune as available application. Please refer the below screenshots,
-
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2022-05-16T02:31:17.407+00:00 @Dilan Nanayakkara , From your description, I know the "Allow copy/paste to be affected by managed open-in" shows not applicable. Here, I would like to confirm if we deploy the outlook via iOS store app like below:
After the outlook which deploy via Intune, is installed, try to check status in company portal to update the device setting to see if it can be applied. Meanwhile, what is our iOS version? On my test device which is working, it is with version as 15.4.1 -
Dilan Nanayakkara 1,111 Reputation points
2022-05-17T01:49:15.3+00:00 @ESWARARAJU KONETI thank you very much for the reply.
Below is my configurations and my iOS version of testing device is 14.7.1.
Further just to know, below scenarios does it consider as a managed or unmanaged app when deploy the application via Intune as Available. however for this testing I have installed Outlook from the company portal.
Install application via Apple store before joining to the Intune?
Install application via Apple store after joining to the Intune (not from company portal) ?thanks again
-
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2022-05-17T02:50:49.797+00:00 @Dilan Nanayakkara , For the scenarios you provided, it will consider as unmanaged app. To make it as managed app, we need to deploy the app via Intune and install it automatically or in company portal.
Hope it can help.
-
Dilan Nanayakkara 1,111 Reputation points
2022-05-17T05:44:04.27+00:00 @Crystal-MSFT Thank you!
-
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2022-05-18T01:34:02+00:00 @Dilan Nanayakkara , Thanks for the reply. In your description, I notice in our testing, the outlook is already deployed via Intune and installed via company portal. But it gets not applicable issue. If the issue still persists after we click check status in company portal to update the device setting. I think we need to look into the logs. Please open case to continue the troubleshooting. Here is a link with the steps to open case: for your reference
https://learn.microsoft.com/en-us/mem/get-support -
Dilan Nanayakkara 1,111 Reputation points
2022-05-18T05:04:37.417+00:00 Thank you!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Nick Brown 6 Reputation points2022-06-14T14:42:02.897+00:00 Did you get a resolution to this? I have exactly the same issue.
-
Nick Brown 6 Reputation points
2022-06-14T15:23:22.323+00:00 Looks to me like it doesn't work with user enrolment. I just switched my device from user enrolment to device enrolment and it worked straight away. This is despite the fact that the setting is allegedly supported for all enrolment types, including user enrolment.
-
Dilan Nanayakkara 1,111 Reputation points
2022-06-15T04:56:33.397+00:00 Thank you @Nick Brown
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 51%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGN%3C/text%3E%3C/svg%3E)
Govindan Narayanan 1 Reputation point2022-08-23T13:46:46.077+00:00 I agree "Looks to me like it doesn't work with user enrolment." Same its not working for me. Then what should we do with option" Allow copy/paste to be affected by managed open-in for All enrollments" ?
Sign in to comment -