Android Enterprise - Shared Kiosk mode - remove saved data

Orku5 1 Reputation point
2024-01-26T14:00:40.0733333+00:00

I kind of have the feeling this is more a feature request, because I couldn't figure out how to set this up and it probably doesn't even exist.

Setup:
Android tablets enrolled in Intune, set up as Shared Kiosk devices. Users have access to Teams, O365 and other apps; access is managed via MFA and app data is removed when users log off.

BUT
If a user saves pictures or takes screenshots, they do not get removed. So, if another user logs in to a device and goes to pictures, that person will see all pictures from other users saved on that device. That's a bit of a security risk, as potentially confidential data could be leaked that way. I couldn't find anything in any documentation, nothing in the Configuration policies.

Am I missing something?

Thanks for any constructive feedback :)


1 answer

  1. Crystal-MSFT 44,411 Reputation points Microsoft Vendor
    2024-01-29T02:21:51.11+00:00

    @Orku5, thanks for posting in Q&A. After researching, I found that when a user signs out, the app will clean the user data.

    https://learn.microsoft.com/en-us/entra/identity-platform/msal-android-shared-devices#shared-device-sign-out-and-the-overall-app-lifecycle

    Data stored outside of a given application will not be removed.

    https://techcommunity.microsoft.com/t5/intune-customer-success/endpoint-manager-supports-sign-out-for-apps-not-optimized-with/ba-p/3034398

    For your scenario, you can submit feedback at the following link to request a feature to clean local data:

    https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472

    Thanks for your understanding.

