Forum Discussion
Can't add Google accounts to Android work profiles when managed by Intune
Hello all,
Wondering if others have run into this issue and have been able to find a workaround.
An organization I'm working with is using Google Enterprise for mail services instead of Office 365 / Exchange Online, but they want to leverage Microsoft Intune to manage BYOD Android devices.
What we're finding is that, once the device is enrolled in Intune, the ability to add Google accounts to the work profile is blocked.
In the OS' account settings for the work profile the ability to add Google accounts is grayed out. For apps installed via the managed Play Store, such as GMail, attempting to add a Google account results in a message that the "action is not allowed" and "this action is disabled".
The result of this is Android users are unable to access their enterprise mail or other Google Enterprise services from their Android work profiles.
Other accounts, such as Hotmail or Yahoo, can be added without issue. All applicable configuration profiles and compliance settings have been removed from the device+user, and so far we haven't been able to identify any policies or settings that would only be restricting the addition of Google accounts.
My initial thought is maybe Intune inherently blocks the ability to add additional Google accounts because all enrolled Android devices share a common managed Google Play account, but I might be missing something.
Is this a known issue / limitation with Intune and Android work profiles?
Appreciate the assist.
Hi NotMacGyver I wanted to confirm that this is By-Design. Intune blocks the user from manually adding Google accounts to the Work Profile, and unfortunately there is no workaround.
- OffColour1972Brass Contributor
I've just run into exactly the same problem. We don't fully use Google like you do, but we do have a G-Suite set up so everyone can have a company Google account with authentication from Azure so you get all the benefits of signing into Chrome, SSO on sites that don't support Azure, etc.
Anyway, the closest setting I can find is "Add and remove accounts" in Device Configuration Profiles/Work Profile settings but that only has the option of Block and Not Configured.
If users can't sign into Chrome on Android it makes it all pretty useless.
- OffColour1972Brass Contributor
I raised a ticket with Microsoft and spoke to an Intune Tech Lead. They're saying it's by design as Google accounts as personal and not for adding to work profiles.
Expressed a lot of disbelief and they'll get back to me...
- MatthewButcherMicrosoft
Hi NotMacGyver I wanted to confirm that this is By-Design. Intune blocks the user from manually adding Google accounts to the Work Profile, and unfortunately there is no workaround.
- OffColour1972Brass Contributor
MatthewButcher This makes Intune completely useless to anyone using G-Suite.
- OffColour1972Brass Contributor
MatthewButcher Let's try another approach.
If there's no way of a user MANUALLY adding a G-Suite account, is there any way for the administrator to associate an Azure AD user with the Google account so it's there in the work profile by default?
We already sync Azure AD to G-Suite and use AAD for authentication for Google so this whole setup is supported (at least in one direction) so not allowing that sync'd Google account to be used from a Work Profile is a little odd to say the least.
- MatthewButcherMicrosoft
Hi OffColour1972, unfortunately we do not have a way to do this today.
- ITCoffeeAddictCopper ContributorHas this issue been corrected yet? One of our customers uses Google Enterprise, and I am unable to join their "Meet" conferences without logging in to a Google recognized account. This prevents me from communicating with my customer and makes the Google Meet application useless under the business profile of Intune.
- PatStoneCopper Contributor
Google Enterprise Users are able to send invitations that do not require an Google Account to join
- jakedeeCopper Contributor
I've recently encountered the same issue, it does seem ridiculous! As OffColour1972 says, it renders Intune useless to Android users of Google Workspace!
I believethis User Voice ideathis Microsoft Feedback Portal idea relates to this issue.
Please feel free to add your votes to get it fixed! - omaderemiBrass ContributorWe ran into similar problem, and also think that Intune is completely not useful as you've deliberately crippled it to block Google accounts. Kindly review this in the future
- Mebin260Copper ContributorWe were also trying to add account in google meet work profile. But, unable to add.
- PaulM2115Copper Contributor
Mebin260 We have got this working now, using End Point Manager, App configuration policy, which then allows you to set a rule to overide the security policy. Not sure that is the best idea, but it works.
We have dedicated home screens so that secures the device for us.
Thanks