So we already know that Intune on Android doesn't allow the user to add a Google Account to a Work Profile. Painful and silly, but nothing we can do about it until MS removes this restriction.
Taking another approach I've tried using Google's MDM for Android devices which is fine if annoying at having to pay for two different solutions.
However there's no way to make the user's Azure AD account only be usable within a Google managed Work Profile.
This got me thinking about MDM on phones. As far as I can tell, whatever MDM solution you use, you've no way of forcing any other corporate accounts that the user may have to be only available within that work profile.
And as you can only have one work profile, as an Administrator I can either control the Azure AD account on the phone or the Google Account. I can't do both which seems like a massive gap.
If by some miracle you've managed to make everything SSO, you're OK, but given how many companies charge a massive premium if you want to use Azure as SSO, it's often not practical.
Plus you can log into websites with the credentials in the personal part of your phone anyway.
Anyone else run into this? Am I missing something? Or is it just the way it is, MDM is a little Emperors new clothes from a security perspective but simply a convenient way of not crossing the streams between work and personal from an end users perspective?