SOLVED

App Protection Policies not support multiple accounts/profiles in Microsoft Teams apps

New Contributor

We would like to use MAM-WE (MAM without Enrollment) to manage Teams client on iOS/Android/Windows10, however with Teams' multiple account support, users can have one work/school account and a personal account in Teams app and the app protection policy will restrict the app without checking which account is currently active.

 

Wonder if there is a solution?

1 Reply
best response confirmed by AlanBinHu (New Contributor)
Solution

Hi @AlanBinHu

 

Multi-identity applications like teams allow users to add multiple accounts. Intune Apps supports only one managed account. Intune Apps does not limit the number of unmanaged accounts. 

 

As defined in the below Microsoft documentation

iOS/iPadOS apps with app protection policies | Microsoft Docs

Android apps with app protection policies | Microsoft Docs

 

But if you change between the profile the restriction e.g. copy/pasta will also change.

If you configure to block copy/pasta to unmanged app it is not possible for the manage profile, but the unmanaged account is able to copy and pasta to all apps. 

 

PIN prompt
Intune prompts for the user's app PIN when the user is about to access "corporate" data. In multi-identity apps such as Word, Excel, or PowerPoint, the user is prompted for their PIN when they try to open a "corporate" document or file. In single-identity apps, such as line-of-business apps managed using the Intune App Wrapping Tool, the PIN is prompted at launch, because the Intune SDK knows the user's experience in the app is always "corporate".

 

All is defined in the following Microsoft documentation:

App protection policies overview - Microsoft Intune | Microsoft Docs

 

With kind regards,

 

Rene