Forum Discussion
Disallow O365 access from 'outside' of the Android for Work work profile?
it seems to make the separation of the work profile completely pointless if you cannot stop users from accessing company data from (the same) apps that they have installed in their personal profile.
We have a work profile setup, with outlook and the other office apps installed, which we can manage and wipe if needed, but there seems to be no way to prevent the user from also installing the same apps in the personal profile and then directly accessing the company data from those with, no way of controlling it (yes i know we could use MAM, but then why bother with the work profile at all)
The original post/reply is from some time ago now so I'm hoping Microsoft might have improved the situation since then with new options or policies etc to control this?
Hey i'm having the same issue
cant see the point working with "work profile" as long as the user can use the same app on personal profile . It makes no sense
365 must change that
- We use compliance policies and Conditional Access to address this. The personal side of the device is never considered compliant so CA stops them from ever signing into something like Outlook on the personal side of their device.
We normally create multiple compliance policies for each os etc. This one is an example of an android workprofile compliance policy
When this is configurede you could create an CA policy something like this
*Target the proper platforms:
*Target the client apps
*Of course select the users 🙂 and make sure you create an exclusion group for every ca policy you make
*Target the apps (or choose office 365)
*And to make sure to require compliant devices
