We currently block the use of google accounts completely in the work profiles (all 3 Android Enrollment types). We do setup google accounts in chrome using the user's O365 email addresses (so if the Employee leaves, we can change the google password by sending a forgot password to the email).
The issue we have is some Google Apps and Services require a Google Account and would be nice to sync the Chrome favourites and passwords to the mobile devices.
- If we do allow google accounts, can we prevent them from adding any personal google accounts ie only allowing our @domain.ca email addresses?
- Can we prevent the backups to just things we approve of in InTune (for eample, only backup SMS and Phone Log but nothing else)?
- Is there a better way to do this? Is there a way to control or "integrate" google business accounts (which we don't have setup or use) with Azure/InTune so if an Employee leaves, we can disable their google account?
- We have the same issue with Samsung devices where we can block the additional of Google Accounts completely but they can still create and add a personal Samsung Account thus locking us out of the phone and letting them backup data from the device.