cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Can't add Google accounts to Android work profiles when managed by Intune

NotMacGyver
Copper Contributor

‎Dec 12 2019 11:44 AM

‎Dec 12 2019 11:44 AM

Can't add Google accounts to Android work profiles when managed by Intune

Hello all,

 

Wondering if others have run into this issue and have been able to find a workaround.

 

An organization I'm working with is using Google Enterprise for mail services instead of Office 365 / Exchange Online, but they want to leverage Microsoft Intune to manage BYOD Android devices.

 

What we're finding is that, once the device is enrolled in Intune, the ability to add Google accounts to the work profile is blocked.

 

In the OS' account settings for the work profile the ability to add Google accounts is grayed out. For apps installed via the managed Play Store, such as GMail, attempting to add a Google account results in a message that the "action is not allowed" and "this action is disabled". 

 

The result of this is Android users are unable to access their enterprise mail or other Google Enterprise services from their Android work profiles.

 

Other accounts, such as Hotmail or Yahoo, can be added without issue. All applicable configuration profiles and compliance settings have been removed from the device+user, and so far we haven't been able to identify any policies or settings that would only be restricting the addition of Google accounts.

 

My initial thought is maybe Intune inherently blocks the ability to add additional Google accounts because all enrolled Android devices share a common managed Google Play account, but I might be missing something.

 

Is this a known issue / limitation with Intune and Android work profiles?

 

Appreciate the assist.

 

 

53.3K Views
3 Likes
40 Replies
Reply
40 Replies
OffColour1972

‎Dec 13 2019 01:30 AM

‎Dec 13 2019 01:30 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@NotMacGyver

 

I've just run into exactly the same problem. We don't fully use Google like you do, but we do have a G-Suite set up so everyone can have a company Google account with authentication from Azure so you get all the benefits of signing into Chrome, SSO on sites that don't support Azure, etc.

 

Anyway, the closest setting I can find is "Add and remove accounts" in Device Configuration Profiles/Work Profile settings but that only has the option of Block and Not Configured.

 

If users can't sign into Chrome on Android it makes it all pretty useless.

2 Likes
Reply
OffColour1972

‎Dec 17 2019 07:43 AM

‎Dec 17 2019 07:43 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@NotMacGyver 

I raised a ticket with Microsoft and spoke to an Intune Tech Lead. They're saying it's by design as Google accounts as personal and not for adding to work profiles.

Expressed a lot of disbelief and they'll get back to me...

2 Likes
Reply
best response confirmed by NotMacGyver (Copper Contributor)
Matthew Butcher

‎Dec 17 2019 08:45 AM

‎Dec 17 2019 08:45 AM

Solution

Re: Can't add Google accounts to Android work profiles when managed by Intune

Hi @NotMacGyver I wanted to confirm that this is By-Design. Intune blocks the user from manually adding Google accounts to the Work Profile, and unfortunately there is no workaround.

2 Likes
Reply
OffColour1972

‎Dec 17 2019 09:15 AM

‎Dec 17 2019 09:15 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@Matthew Butcher This makes Intune completely useless to anyone using G-Suite.

2 Likes
Reply
OffColour1972

‎Dec 17 2019 09:36 AM - edited ‎Dec 17 2019 09:38 AM

‎Dec 17 2019 09:36 AM - edited ‎Dec 17 2019 09:38 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@Matthew Butcher Let's try another approach.

If there's no way of a user MANUALLY adding a G-Suite account, is there any way for the administrator to associate an Azure AD user with the Google account so it's there in the work profile by default?

 

We already sync Azure AD to G-Suite and use AAD for authentication for Google so this whole setup is supported (at least in one direction) so not allowing that sync'd Google account to be used from a Work Profile is a little odd to say the least.

1 Like
Reply
Matthew Butcher

‎Dec 17 2019 09:42 AM

‎Dec 17 2019 09:42 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

Hi @OffColour1972, unfortunately we do not have a way to do this today.

1 Like
Reply
OffColour1972

‎Dec 17 2019 09:47 AM

‎Dec 17 2019 09:47 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

So I stand by my comment that Intune is completely useless as you've deliberately crippled it to block Google accounts.
1 Like
Reply
PatStone

‎Oct 13 2020 06:59 AM

‎Oct 13 2020 06:59 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@OffColour1972is there anything new with Android 11?

1 Like
Reply
PatStone

‎Nov 02 2020 10:57 AM

‎Nov 02 2020 10:57 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

there was a google devops talk last week, where someone had the same question. 

The answer was, that there will be a new feature that will give us the possibility to assign an ou to a identity provider. 

If we combine that with android 11 company owned devices that have work profiles on it, a login in gsuite apps will work. 

I hope this will happen 

0 Likes
Reply
jeschka2155

‎Mar 10 2021 07:56 AM

‎Mar 10 2021 07:56 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

If the user installs Gmail from the personal Playstore he will be able to log in, but as said only on the personal space. Its not ideal but a workaround for now.
0 Likes
Reply
ITCoffeeAddict

‎Apr 01 2021 10:31 AM

‎Apr 01 2021 10:31 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

Has this issue been corrected yet? One of our customers uses Google Enterprise, and I am unable to join their "Meet" conferences without logging in to a Google recognized account. This prevents me from communicating with my customer and makes the Google Meet application useless under the business profile of Intune.
0 Likes
Reply
PatStone

‎Apr 01 2021 11:11 AM

‎Apr 01 2021 11:11 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@ITCoffeeAddict 

Google Enterprise Users are able to send invitations that do not require an Google Account to join 

0 Likes
Reply
cd3co

‎May 10 2021 01:53 PM

‎May 10 2021 01:53 PM

Re: Can't add Google accounts to Android work profiles when managed by Intune

Any updates on this, it's crazy that users can't use google calendar, google meet and other apps like google assistant in the work profile when their BYOD are managed with intune
0 Likes
Reply
PatStone

‎May 10 2021 11:29 PM

‎May 10 2021 11:29 PM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@cd3co No, still the same.

TBH we are testing the Google MDM at the moment and the only thing that seems to be a bigger problem are managed apple IDs. Once this solved, we will move to google. 

It's really frustrating ...

0 Likes
Reply
jakedee

‎Sep 03 2021 07:10 AM - edited ‎Feb 07 2022 06:25 AM

‎Sep 03 2021 07:10 AM - edited ‎Feb 07 2022 06:25 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

I've recently encountered the same issue, it does seem ridiculous! As @OffColour1972 says, it renders Intune useless to Android users of Google Workspace!


I believe this User Voice idea this Microsoft Feedback Portal idea relates to this issue.

Please feel free to add your votes to get it fixed!

0 Likes
Reply
omaderemi

‎Feb 07 2022 06:13 AM

‎Feb 07 2022 06:13 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

We ran into similar problem, and also think that Intune is completely not useful as you've deliberately crippled it to block Google accounts. Kindly review this in the future
0 Likes
Reply
Mebin260

‎Jun 06 2022 02:25 AM

‎Jun 06 2022 02:25 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

We were also trying to add account in google meet work profile. But, unable to add.
0 Likes
Reply
PaulM2115

‎Jun 09 2022 02:12 AM - edited ‎Jun 09 2022 02:51 AM

‎Jun 09 2022 02:12 AM - edited ‎Jun 09 2022 02:51 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@Mebin260 We have got this working now, using End Point Manager, App configuration policy, which then allows you to set a rule to overide the security policy.  Not sure that is the best idea, but it works.

 

We have dedicated home screens so that secures the device for us.

 

Thanks

1 Like
Reply
Mebin260

‎Jun 10 2022 11:54 AM

‎Jun 10 2022 11:54 AM

Re: Can't add Google accounts to Android work profiles when managed by Intune

@PaulM2115 Could you please let us know the steps how did you managed to add account in google meet?

We are also using Intune, under app protection policies i didn't find anything w.r.t "google meet"

 

Plus, what is dedicated home screen??

 

Thank you so much inadvance

 

 

 

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by NotMacGyver (Copper Contributor)
Matthew Butcher

‎Dec 17 2019 08:45 AM

‎Dec 17 2019 08:45 AM

Solution

Re: Can't add Google accounts to Android work profiles when managed by Intune

Hi @NotMacGyver I wanted to confirm that this is By-Design. Intune blocks the user from manually adding Google accounts to the Work Profile, and unfortunately there is no workaround.

View solution in original post

2 Likes
Reply