Forum Discussion

AlanBinHu's avatar
AlanBinHu
Copper Contributor
Sep 01, 2021

App Protection Policies not support multiple accounts/profiles in Microsoft Teams apps

We would like to use MAM-WE (MAM without Enrollment) to manage Teams client on iOS/Android/Windows10, however with Teams' multiple account support, users can have one work/school account and a personal account in Teams app and the app protection policy will restrict the app without checking which account is currently active.

 

Wonder if there is a solution?

Mobile Application Management (MAM)
  • Mr_Helaas's avatar
    Mr_Helaas
    Dec 04, 2021

    Hi AlanBinHu

     

    Multi-identity applications like teams allow users to add multiple accounts. Intune Apps supports only one managed account. Intune Apps does not limit the number of unmanaged accounts. 

     

    As defined in the below Microsoft documentation

    iOS/iPadOS apps with app protection policies | Microsoft Docs

    Android apps with app protection policies | Microsoft Docs

     

    But if you change between the profile the restriction e.g. copy/pasta will also change.

    If you configure to block copy/pasta to unmanged app it is not possible for the manage profile, but the unmanaged account is able to copy and pasta to all apps. 

     

    PIN prompt
    Intune prompts for the user's app PIN when the user is about to access "corporate" data. In multi-identity apps such as Word, Excel, or PowerPoint, the user is prompted for their PIN when they try to open a "corporate" document or file. In single-identity apps, such as line-of-business apps managed using the Intune App Wrapping Tool, the PIN is prompted at launch, because the Intune SDK knows the user's experience in the app is always "corporate".

     

    All is defined in the following Microsoft documentation:

    App protection policies overview - Microsoft Intune | Microsoft Docs

     

    With kind regards,

     

    Rene

     

     

  • Mr_Helaas's avatar
    Mr_Helaas
    Steel Contributor
    Dec 04, 2021

    Hi AlanBinHu

     

    Multi-identity applications like teams allow users to add multiple accounts. Intune Apps supports only one managed account. Intune Apps does not limit the number of unmanaged accounts. 

     

    As defined in the below Microsoft documentation

    iOS/iPadOS apps with app protection policies | Microsoft Docs

    Android apps with app protection policies | Microsoft Docs

     

    But if you change between the profile the restriction e.g. copy/pasta will also change.

    If you configure to block copy/pasta to unmanged app it is not possible for the manage profile, but the unmanaged account is able to copy and pasta to all apps. 

     

    PIN prompt
    Intune prompts for the user's app PIN when the user is about to access "corporate" data. In multi-identity apps such as Word, Excel, or PowerPoint, the user is prompted for their PIN when they try to open a "corporate" document or file. In single-identity apps, such as line-of-business apps managed using the Intune App Wrapping Tool, the PIN is prompted at launch, because the Intune SDK knows the user's experience in the app is always "corporate".

     

    All is defined in the following Microsoft documentation:

    App protection policies overview - Microsoft Intune | Microsoft Docs

     

    With kind regards,

     

    Rene

     

     

Resources