Outlook Managed App restriction on Intune (MAM)

Dilan Nanayakkara 1,111 Reputation points
2022-05-12T13:00:45.457+00:00

Hi All,

I have created a MAM policy on Intune and applied it to two different users, but literally one person is using both email addresses on his mobile phone (iOS). However, when he tries to add the second user account, it displays the below error message.

201474-image.jpg

Appreciate the help!

PS: If this is a limitation of the MAM policy in Intune, can we do the same restriction by enrolling the mobile device in Intune? Essentially, we want to block copy-paste from Outlook to third-party apps like WhatsApp, Messenger, etc. This is an iOS device, and if we want to enroll it with Intune, we could go ahead with the BYOD-Device Enrollment option in Intune.

Thanks,
Dilan


Accepted answer
  1. ESWARARAJU KONETI 2,206 Reputation points MVP Volunteer Moderator
    2022-05-12T14:00:44.493+00:00

    The feature that you are trying is not supported at the moment and is a design limitation. Only one work account is allowed to be used on an Intune managed device.

    Thanks,
    eswar
    www.eskonr.com

  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2022-05-13T03:51:08.013+00:00

    @Dilan Nanayakkara, for your question, here are my answers for reference:
    Q1: As per my understanding, when we enroll the device without an App protection policy, we can add multiple accounts, right?
    A1: Yes, you can.

    Q2: So when it comes to Android, by default it is unable to share data between the work and personal profiles, and this shouldn't be a problem as long as we can add multiple accounts on a personally owned work profile enrollment. Is this correct?
    A2: Yes. By default, the Android OS might prevent users from sharing data in the work profile with the personal profile. Data in the personal profile can be shared in the work profile. And not the entire device is managed. Management capabilities only affect the work profile that is created on the device during enrollment. All Android apps and data outside the Android enterprise portion of the device remain personal and under the control of the end user.
    https://learn.microsoft.com/en-us/mem/intune/enrollment/android-enterprise-overview#work-profile-management
    For the best experience, always sign in to work apps with your work account, and sign in to personal apps with your personal account. Here is a link with more details for the reference:
    https://learn.microsoft.com/en-us/mem/intune/user-help/what-happens-when-you-create-a-work-profile-android

    Q3: So when it comes to iOS devices, if we choose BYOD-Device enrollment without app protection policies, again we can add multiple accounts, right? In this case our challenge is to block copy-paste activities, and I saw a setting "Allow copy/paste to be affected by managed open-in" under the iOS device restrictions policy. Can we use this setting to block the copy-paste activities?
    A3: Yes, for BYOD without an app protection policy, in Outlook, we can still add multiple work accounts. For the setting "Allow copy/paste to be affected by managed open-in", when I set it to Yes, also set "Block viewing corporate documents in unmanaged apps" to Yes, and deploy Outlook via Intune, then the copy-paste action from Outlook to other unmanaged apps is blocked.
    https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios#settings-apply-to-all-enrollment-types

    Hope it can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
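
The following is an added example, not part of the thread or of Microsoft's documentation: a small audit that checks an exported iOS configuration profile for the two restrictions discussed in A3. It assumes the Intune settings correspond to the Apple Restrictions payload keys `allowOpenFromManagedToUnmanaged` and `requireManagedPasteboard`; the sample profile is constructed, and `audit_profile` is a hypothetical helper name.

```python
import plistlib

# Constructed sample profile for illustration (not exported from a real tenant).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowOpenFromManagedToUnmanaged</key><false/>
      <key>requireManagedPasteboard</key><true/>
    </dict>
  </array>
</dict></plist>"""

# Assumed mapping of the two Intune settings from A3 to Apple restriction keys,
# with the value each key needs for managed-to-unmanaged paste to be blocked.
REQUIRED = {
    # "Block viewing corporate documents in unmanaged apps" = Yes
    "allowOpenFromManagedToUnmanaged": False,
    # "Allow copy/paste to be affected by managed open-in" = Yes
    "requireManagedPasteboard": True,
}

def audit_profile(raw: bytes) -> list[str]:
    """Return one finding per restriction that is missing or set permissively."""
    profile = plistlib.loads(raw)
    restrictions = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            restrictions.update(payload)
    findings = []
    for key, wanted in REQUIRED.items():
        if key not in restrictions:
            # An absent key falls back to the permissive OS default.
            findings.append(f"{key}: not set, OS default applies")
        elif restrictions[key] is not wanted:
            findings.append(f"{key}: is {restrictions[key]}, expected {wanted}")
    return findings

if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE) or ["both restrictions are enforced"]:
        print(line)
```

Both keys have to be present with these values: the pasteboard restriction only follows the managed open-in rule, so setting it alone leaves copy/paste unrestricted.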

