Share via

Android work profile setting of 'add new user' doesnt work

Npin1202 1 Reputation point
2023-01-10T14:25:38.86+00:00

Hi,

I have an android (13) phone and the configuration profiles are applied to it with the settings of work profile. Now one of the settings in this profile is to block the addition of new users(which is solely a work profile setting).

When the user tested this setting with the phone, he is able to add another account (personal gmail, hotmail, outlook etc) via the outlook application(in work profile) and also able to add the same user account through the settings of the phone too (manage accounts).

Now when I generate report for this device on the config profile I created, the setting of 'Add new users' shows as 'Not applicable'. And despite toggling the other setting where the user cannot modify credentials(again a setting solely for the work profile), this doesnt work.

I have toggled the settings bunch of times, deleted the configuration profile, created a new one; checked for the enrolment : no policies getting applied from there. Wiped the phone, have him re-enrolled. Checked app configuration and protection policies; nothing on that about Add new user policy as such, in the environment. Also tried creating an OEMconfig, but of no help either.

The documentation on this from Microsoft (https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-android-for-work) is all kind of confusing and its not mentioned clearly what exactly does this setting mean.

Can someone please suggest and help as to what needs to be done here or is it a bug recorded for android OS 13. Appreciate any leads.

Microsoft Intune Android
Microsoft Intune Android
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Android: An open-source mobile platform based on the Linux kernel, developed by Google, and maintained by the Open Handset Alliance.
242 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 44,411 Reputation points Microsoft Vendor
    2023-01-11T01:52:22.547+00:00

    @Npin1202 , Thanks for posting in Q&A. From your description, it seems you want the outlook to block add new account. If there's any misunderstanding, feel free to let us know.

    I notice you have configured "add new users" as blocked. But it shows not applicable. Please check if your device is corporate-owned work profile.

    Based on my research, I find deploy Organization Allowed Accounts mode can allow only a single corporate account be added to Outlook for iOS and Android. Or you can configure conditional access policy to only allow corporate email to access. You can see more details in the following link: https://learn.microsoft.com/en-au/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/setup-with-modern-authentication#organization-allowed-accounts-mode

    Hope it can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. PinchaNancy-9919 0 Reputation points
    2023-01-11T12:12:40.2033333+00:00

    @Crystal-MSFT thank you for the reply. I want the user to not be able to add any personal account of his on a corporate owned work profile device; via outlook or phone settings.

    If this is a setting in a configuration profile, and I dont want to configure a conditional access for this (which I shouldnt have to provided the setting works), it should work.

    Could you please tell me per the Microsoft documentation for this setting what does this setting Add New User defines. What is the advisory around it? What is it actually talking about please?