Jul 13 2020 07:05 AM
First off, I'm referring to the Configuration Key com.microsoft.intune.mam.AllowedAccountUPNs, documented here https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-...
For Android, there is one Configuration Key listed, this one. The page doesn't tell us the value type, though by its name, it seems like it should be an array of strings. When it comes down to using it, we have to set it to String for the type, and then I'm having hit-and-miss results with the initial account setup. Sometimes, it's letting me set up just the UPN of the current user, and then later I can add additional accounts that are also listed in the array. This is what I would say is the good alternative to the On/Off switch for Organizational Accounts Only Mode.
However, sometimes, new Outlook setups will show all the UPNs in the array, as if it is one string, which obviously doesn't work at all.
I am hoping somebody can help me here with how this key is supposed to work, or not. Anyone have much experience with this that can shed any light?
Thanks in advance.
Jul 13 2020 07:58 AM
Solution
FYI in case anyone else gets in their own way like I do/did...
The answer is that we still use "valueString" as the type, but then we separate UPNs in our list using semicolon instead of comma. I found this info here:
Specifically:
As the Microsoft Intune administrator, you can control which work or school accounts are added to Microsoft apps on managed devices. You can limit access to only allowed organization user accounts and block personal accounts on enrolled devices. For Android devices, use the following key/value pairs in a Managed Devices app configuration policy:
Values:
"Only account(s) allowed are the managed user account(s) defined by this key." is oddly-written but oh well.
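A pre-deployment check for the value format described in the solution above, as an added example that is not part of the original thread or of Microsoft's tooling. It assumes the policy JSON carries its settings in a `managedProperty` list; the UPNs and sample policies are constructed.

```python
import json
import re

KEY = "com.microsoft.intune.mam.AllowedAccountUPNs"
# An entry is either a token such as {{userprincipalname}} or a user@domain UPN.
ENTRY = re.compile(r"^(\{\{\w+\}\}|[^@\s;,]+@[^@\s;,]+\.[^@\s;,]+)$")


def lint_allowed_upns(policy_json: str) -> list:
    """Return a list of problems found in the AllowedAccountUPNs setting."""
    # Assumption: settings live in a "managedProperty" list of key/value objects.
    props = json.loads(policy_json).get("managedProperty", [])
    matches = [p for p in props if p.get("key") == KEY]
    if not matches:
        return [f"{KEY} is not set"]
    prop = matches[0]
    if not isinstance(prop.get("valueString"), str):
        types = sorted(k for k in prop if k.startswith("value"))
        return [f"expected valueString, found {types}"]
    value = prop["valueString"]
    problems = []
    if "," in value:
        # The failure mode from the thread: the whole list is read as one account.
        problems.append("comma found: separate UPNs with ';'")
    for entry in value.split(";"):
        if not ENTRY.match(entry.strip()):
            problems.append(f"not a UPN or token: {entry.strip()!r}")
    return problems


def sample(prop: dict) -> str:
    """Build a constructed one-setting policy for the checks below."""
    return json.dumps({"managedProperty": [{"key": KEY, **prop}]})


# Constructed sample policies (not taken from a real tenant).
GOOD = sample({"valueString": "alice@contoso.example;bob@contoso.example"})
TOKEN = sample({"valueString": "{{userprincipalname}}"})
COMMA = sample({"valueString": "alice@contoso.example,bob@contoso.example"})
ARRAY = sample({"valueStringArray": ["alice@contoso.example"]})

if __name__ == "__main__":
    for name, policy in [("good", GOOD), ("token", TOKEN),
                         ("comma", COMMA), ("array", ARRAY)]:
        print(name, lint_allowed_upns(policy) or "ok")
```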
Mar 17 2021 12:50 AM
Hi Jeremy,
I've tried to enter the value for the key com.microsoft.intune.mam.AllowedAccountUPNs as described: {{userprincipalname}}, but I get the following error message:
The other keys / values:
Do you have any idea about this?
Regards,
Hannes
Mar 17 2021 06:47 AM
Mar 18 2021 05:14 AM
In the Configuration Designer, do you see work accounts only mode being turned on?
Can you tell me where I can find the Configuration Designer?
Is it the "App configuration policies"?
I have only created an app protection policy and an app configuration policy for the Outlook app.
Mar 18 2021 09:01 AM
@JohannesW60 In the Properties on your App Configuration Policy for Outlook, that is where I meant. When you edit the Settings, you can choose to use Configuration Designer to see the more GUI-friendly options:
If you change yours to "Use Configuration Designer", do you see "Allow only work or school accounts" setting set to "Enabled"?
Note, when you use Configuration Designer and enable work accounts only mode, it then exposes the JSON key/value pair anyway for the allowed UPNs setting:
So you can then just edit that one key from there, vs using the JSON editor for all settings. You might already be doing this, I just put the screenshots to clarify what I was after. Hopefully this does help.
Mar 19 2021 12:09 AM
That's funny, I don't have those settings available here:
Maybe I don't have enough permissions to see these options?
Jul 19 2021 05:52 AM
Maybe a bit late but I'm getting this error when I try to create a configuration for a "managed app" instead of "managed devices". This is required to serve our Android device administrator enrollments in China. I tried this key value pair to pre-set {{userprincipalname}} as username in the app.
Dec 09 2021 07:27 AM