Forum Discussion

NotMacGyver's avatar
NotMacGyver
Copper Contributor
Dec 12, 2019
Solved

Can't add Google accounts to Android work profiles when managed by Intune

Hello all,   Wondering if others have run into this issue and have been able to find a workaround.   An organization I'm working with is using Google Enterprise for mail services instead of Offic...
Intune
mobile device management (mdm)
  • MatthewButcher's avatar
    MatthewButcher
    Dec 17, 2019

    Hi NotMacGyver I wanted to confirm that this is By-Design. Intune blocks the user from manually adding Google accounts to the Work Profile, and unfortunately there is no workaround.

JawanL's avatar
JawanL
Copper Contributor
Jan 07, 2023
PaulM2115, that option only seems to appear for "Fully managed, dedicated, and corporate-owned work profile devices" not BYOD devices. And even then there are only options to Block.
  • 777mebin's avatar
    777mebin
    Copper Contributor
    Aug 24, 2023

    CBERNIER 

    Thank you so much.I found the setting.
    But,t here is one option add Domain allow-list. What can we put there to add specifically for google meet application??Screenshot attached.

    If just Allow all accounts is mentioned then User will login to their Gmail and all other account personally which might cause some issue with respect to security.

    Thank you,

  • CBERNIER's avatar
    CBERNIER
    Icon for Microsoft rankMicrosoft
    Aug 14, 2023
    The setting is found under device configurtaion > Android Enterprise
    Profile type = Personally-Owned Work Profile
    Device restrictions > Work profile settings > Add and remove accounts > Allow all accounts types
  • 777mebin's avatar
    777mebin
    Copper Contributor
    Aug 09, 2023
    Hi,
    Im unable to see the "allow all account" types option.where can we actually find this option?
    Thank you in advance!
  • CBERNIER's avatar
    CBERNIER
    Icon for Microsoft rankMicrosoft
    Jul 19, 2023
    That's great news, happy it worked out.
  • TechKeshi's avatar
    TechKeshi
    Copper Contributor
    Jul 19, 2023

    Success!

    I had to create a policy for Microsoft Intune and apply it as per the instructions. The mistake that I made was selecting the wrong non-intuitively named option when I was creating the policy. I needed:

    Platform:

    Android Enterprise

    Profile type: (Personally-Owned Work Profile)
    Device Restrictions

    This was where I then selected:

    Add and remove accounts
    Allow all accounts types


    All's well tht ends well. Thank you for your time.

  • TechKeshi's avatar
    TechKeshi
    Copper Contributor
    Jul 17, 2023

    CBERNIER 

     

    Thanks Courtenay.

     

    For the record of this thread:

     

    Phone is a private, personally owned Google Pixel 7 Pro, latest Android OS. It is effectively a BYOD device.

     

    Within M365, there is a managed Google Play Store setup etc with a bunch of authorised apps.

     

    I get the Company Portal/Intune app and login to it, then follow all the (many many) prompts.

    Low and behold, I now have a 'Work' tab in my app drawer with all the Google Play apps that the company allow.

    One of these is for Google Chrome browser.


    I would like the ability to login to the Google Chrome browser with the Google account I setup using my work email address (so a Google account without a Gmail address) so I can pull through all my bookmarks, settings and passwords into Google Chrome.

    I get why this Google sign-in isn't readily available as Microsoft obviously want people to use Edge. With Android Edge, it pulls through all your Edge synced bookmarks, passwords and MS data.

    If a support request will get me to where I want to be, I shall indeed do that and report back here when I'm successful. Or not. 

    Thanks again.

  • CBERNIER's avatar
    CBERNIER
    Icon for Microsoft rankMicrosoft
    Jul 14, 2023
    Hi, is this for Corporate Owned Personally Enabled? If so, Google accounts are not supported at this time. If you're receiving this on a Personal device with a Work Profile, please create a support request.
  • TechKeshi's avatar
    TechKeshi
    Copper Contributor
    Jul 14, 2023
    Courtenay,

    Thanks for the link.

    When I go through and try to follow the instructions, I eventually end up in the Device Restriction part, and nearly every option says 'Samsung Knox Only'.

    Before I waste any meaningful life-force on this, has anything changed?

    Short of it is, I just want to have a work profile on a Google Pixel Android phone, shoot Google Chrome down the pipe and the allow users to login to Chrome with their Google Accounts so it syncs and pulls through all their bookmarks, passwords etc. Right now, I'm getting the 'Blocked By Your IT Admin' when I tap on the greyed-out 'Google' underneath 'Add an account' (you're using an app outside of your work profile).

    For what it's worth, the reason for this is because no one wants Edge and everyone wants Chrome. They've used their work email addresses to create Google accounts (no gmail but just a Google account attached to the work email address) so they can sync passwords and bookmarks etc.

    Thanks for any further info you might be able to provide.
  • CBERNIER's avatar
    CBERNIER
    Icon for Microsoft rankMicrosoft
    Jul 06, 2023

    DavidFerguson1965 do you have additional details about what doesn't work, screenshots, and logs you can upload to support?

  • DavidFerguson1965's avatar
    DavidFerguson1965
    Copper Contributor
    Jul 03, 2023

    CBERNIER 

    This works and gets us past the next hurdle but it doesn't work with Google accounts that are federated with Azure AD.  

Resources