Tech Accelerator: Microsoft Intune Suite
Apr 11 2023 08:00 AM - Apr 12 2023 11:00 AM (PDT)

Can't add Google accounts to Android work profiles when managed by Intune

New Contributor

Hello all,


Wondering if others have run into this issue and have been able to find a workaround.


An organization I'm working with is using Google Enterprise for mail services instead of Office 365 / Exchange Online, but they want to leverage Microsoft Intune to manage BYOD Android devices.


What we're finding is that, once the device is enrolled in Intune, the ability to add Google accounts to the work profile is blocked.


In the OS' account settings for the work profile the ability to add Google accounts is grayed out. For apps installed via the managed Play Store, such as GMail, attempting to add a Google account results in a message that the "action is not allowed" and "this action is disabled". 


The result of this is Android users are unable to access their enterprise mail or other Google Enterprise services from their Android work profiles.


Other accounts, such as Hotmail or Yahoo, can be added without issue. All applicable configuration profiles and compliance settings have been removed from the device+user, and so far we haven't been able to identify any policies or settings that would only be restricting the addition of Google accounts.


My initial thought is maybe Intune inherently blocks the ability to add additional Google accounts because all enrolled Android devices share a common managed Google Play account, but I might be missing something.


Is this a known issue / limitation with Intune and Android work profiles?


Appreciate the assist.



27 Replies



I've just run into exactly the same problem. We don't fully use Google like you do, but we do have a G-Suite set up so everyone can have a company Google account with authentication from Azure so you get all the benefits of signing into Chrome, SSO on sites that don't support Azure, etc.


Anyway, the closest setting I can find is "Add and remove accounts" in Device Configuration Profiles/Work Profile settings but that only has the option of Block and Not Configured.


If users can't sign into Chrome on Android it makes it all pretty useless.


I raised a ticket with Microsoft and spoke to an Intune Tech Lead. They're saying it's by design as Google accounts as personal and not for adding to work profiles.

Expressed a lot of disbelief and they'll get back to me...

best response confirmed by NotMacGyver (New Contributor)

Hi @NotMacGyver I wanted to confirm that this is By-Design. Intune blocks the user from manually adding Google accounts to the Work Profile, and unfortunately there is no workaround.

@Matthew Butcher This makes Intune completely useless to anyone using G-Suite.

@Matthew Butcher Let's try another approach.

If there's no way of a user MANUALLY adding a G-Suite account, is there any way for the administrator to associate an Azure AD user with the Google account so it's there in the work profile by default?


We already sync Azure AD to G-Suite and use AAD for authentication for Google so this whole setup is supported (at least in one direction) so not allowing that sync'd Google account to be used from a Work Profile is a little odd to say the least.

Hi @OffColour1972, unfortunately we do not have a way to do this today.

So I stand by my comment that Intune is completely useless as you've deliberately crippled it to block Google accounts.

@OffColour1972is there anything new with Android 11?

there was a google devops talk last week, where someone had the same question. 

The answer was, that there will be a new feature that will give us the possibility to assign an ou to a identity provider. 

If we combine that with android 11 company owned devices that have work profiles on it, a login in gsuite apps will work. 

I hope this will happen 

If the user installs Gmail from the personal Playstore he will be able to log in, but as said only on the personal space. Its not ideal but a workaround for now.
Has this issue been corrected yet? One of our customers uses Google Enterprise, and I am unable to join their "Meet" conferences without logging in to a Google recognized account. This prevents me from communicating with my customer and makes the Google Meet application useless under the business profile of Intune.


Google Enterprise Users are able to send invitations that do not require an Google Account to join 

Any updates on this, it's crazy that users can't use google calendar, google meet and other apps like google assistant in the work profile when their BYOD are managed with intune

@cd3co No, still the same.

TBH we are testing the Google MDM at the moment and the only thing that seems to be a bigger problem are managed apple IDs. Once this solved, we will move to google. 

It's really frustrating ...

I've recently encountered the same issue, it does seem ridiculous! As @OffColour1972 says, it renders Intune useless to Android users of Google Workspace!

I believe this User Voice idea this Microsoft Feedback Portal idea relates to this issue.

Please feel free to add your votes to get it fixed!

We ran into similar problem, and also think that Intune is completely not useful as you've deliberately crippled it to block Google accounts. Kindly review this in the future
We were also trying to add account in google meet work profile. But, unable to add.

@Mebin260 We have got this working now, using End Point Manager, App configuration policy, which then allows you to set a rule to overide the security policy.  Not sure that is the best idea, but it works.


We have dedicated home screens so that secures the device for us.



@PaulM2115 Could you please let us know the steps how did you managed to add account in google meet?

We are also using Intune, under app protection policies i didn't find anything w.r.t "google meet"


Plus, what is dedicated home screen??


Thank you so much inadvance