Corporate-owned dedicated device with Azure AD shared mode Supported apps

Hi,

Case:

Currently I am configuring "Corporate-owned dedicated device with Azure AD shared mode" for a customer. I am using a Samsung Galaxy Tab S7 FE (Android 11). The base configuration works, the authentication against Azure AD works, and apps are pushed and installed. The Managed Home Screen app works.

Problem:

After logging off the user, the device shows the sign-in page. After logging in with a different user, the only apps that are really logged out and logged in again with the newly authenticated user are MS Teams and Outlook. However, most apps don't sign off/close correctly after logging off/in. For example, in Edge the authenticated user is still the first signed-in user, even if I configure "Clear local data in apps not optimized for Shared device mode" in the device restriction profile.

Question:

What apps are supported at the moment, is there a list of apps, and are there going to be more apps available (when)?

And are there any workarounds, maybe?

P.S. It's my first post ;)

6 Replies

For the interested people, I currently have a working solution. At first I used Edge as the default browser. However, I noticed that the browser didn't always close completely after logging off. And the apps listed in the "Clear local data in apps not optimized for Shared device mode" in the configuration profile didn't clear the local data at all. After changing the default browser to Google Chrome and uninstalling the Edge browser, some of the apps did clear the local data after logging off. Not all the apps I wanted to use; for example, the SharePoint app didn't work. But the rest of the apps my customer wanted to use are working (Excel, Office, PowerPoint, Word and Outlook). Still, a list of supported apps would be appreciated. ;)

Hi, eventually I only installed 5 Managed Google Play store apps (Google Chrome, Microsoft Office: Edit & Share, Managed Home Screen, Microsoft Teams and the Printix app), and the rest of the apps I pushed are Managed Google Play web links; I even included the Microsoft Office apps (not MEM web links). Since my client only used SaaS applications, this works for me.

Hi @Koen_van_Helmondt,

I believe you already have a working scenario, but here's some more info:

The only apps that actually support shared device mode are Teams and the Managed Home Screen. Be careful with the option "Clear local data in apps not optimized for Shared device mode". Test this thoroughly to make sure there's nothing left behind (data/usernames/email addresses etc.).

Hope this helps

Oktay

Currently testing this MSAL solution with Workspace One and its Managed Home Screen equivalent (I have also experienced what you are talking about with Managed Home Screen and Intune). Although WS1 does a better job at killing the app cache for apps, the Edge browser still gets hung up on User 1 when User 2 signs in. I am resorting to starting Teams up just to get the Android work account to where I want them before allowing the user to open Edge. Edge needs to be a part of the solution and needs to support shared device mode better than it does. Chrome browser is fine but you lose some of the SSO integrations.

Interesting behavior change with the newest release of Edge for Android. When in shared device mode and with the Edge app policy set to userprincipalname, Edge no longer displays the logged-in user account list which causes the most headaches. However, if you input the logged-in user, Edge will still SSO. Getting closer…