Damn, this was more work for me than I imagined, we still had old restriction policies in place that were never cleaned up that prevented me from enrolling my personal android device initially. But I'm glad to have spent the time to clear that one up now so we can finally prepare to offer a small part of our external userbase access to their email on the go. Internals get a company iPhone. Now, if only Google and Apple learned that people could be working for multiple companies and sometimes require the ability to have multiple work profiles ...
Another great video guys. I struggle to see Corporate Android Devices' point with Work Profile. Would the use case for this be if you want to issue a Corporate Owned device but treat it like BYOD?
Hey guys, great video, thanks for the content! One thing I wasn't quite clear on: what prevents a user from using their work account in their personal folder? For example, if BYOD is set up with two versions of Outlook (one in the personal folder, one in the corporate folder), how can I restrict users from logging into Outlook with their corporate email in the personal folder? They might do this for convenience, but the issue I see is that I wouldn't be able to manage the corporate data in this scenario, which poses a security risk. Edit: I was thinking about using Conditional Access Policies (CAP) to ensure that Outlook only opens if the device is compliant. However, I still don’t see how this would prevent users from using their corporate email in their personal account.
We have this setup as there are a few apps we use that don't work properly in the work profile. Also, pretty sure you could never turn off the work phone mobile number as it would always be intune independent. The only possible way would be giving out a data sim only, which would only work on wifi (which would be very limiting) and using a voip system that is setup in the work profile. The other setup this would be used in, the work profile setup, is bring your own device. Which is somewhat pointless as you can't remove a persons ability to admin their own phone. I've also had a couple of instants where, with intune installed, the work profile has become corrupted and then wiped the whole phone. Would be a nightmare on a BYOD install.
The thing Adam mentioned about the phone number. If you call via a softphone, e.g. Webex of UC communicator you can just disable it with work profile and not getting disturbed.
A demo of w366 with Motorola's ready for feature is definitely a good idea. I can see organizations using that instead of issuing laptops. The. Phone now becomes the thin client just plug into a USBC dock and you are ready to go.
It's not designed for everyone, think of it for road warriors where they can just take a work phone, and plug into a screen for customer demos, where it gets complicated is a travel keyboard/mouse
It appears that on our set up a recent update somewhere has meant that now whenever a user locks their phone it additionally locks the work profile regardless of the inactivity time. This has also affected the behaviour of Work Profile notifications. Now, when the Work Profile is locked, attempting to access a Work notification prompts for the Work Profile unlock but then doesn’t proceed to that Work app. This means that every time the app must be opened separately from the notification. I can't seem to find a way to fix this
This doesn't work for me. As of right now, if I setup the enrollment like you have showen, then add the company portal app to my android and log in, I don't get any of the other setup options like you do, it just takes me to the apps screen and shows me "no app available". I even see a warning in the devices tab under "my andorid". Your device does not meet requirements to enroll and may not be able to gain access to some of the resources.
If you have a Samsung phone use corp versions of deploy. Samsung have installed a lot of apps for personal use and mess up intune big time. I would like to know if you can disable microsoft 365 buisiness acounts so you cant install them in the private area.
Hello guys, is this the new experience or it is because of the device model? When I enroll my Samsung A52 as personal with work profile I can see down in the screen "personal" and "work" in order to switch profile. In your demo the result is very similar with the experience in device admin, where the work apps had that briefcase. I will check if I have the option to turn on and off work app, but I do not think so. Is that a Pixel android 14? Thanks guys
Adam is using a Motorola device. There are some giveaways that Motorola owners know all too well and the most obvious one is the Moto app near the bottom of the home screen.
![How to protect data and secure devices with Intune [App Protection Policy] 📱🔒](/img/n.gif)
Damn, this was more work for me than I imagined, we still had old restriction policies in place that were never cleaned up that prevented me from enrolling my personal android device initially. But I'm glad to have spent the time to clear that one up now so we can finally prepare to offer a small part of our external userbase access to their email on the go. Internals get a company iPhone.
Now, if only Google and Apple learned that people could be working for multiple companies and sometimes require the ability to have multiple work profiles ...
Another great video guys.
I struggle to see Corporate Android Devices' point with Work Profile. Would the use case for this be if you want to issue a Corporate Owned device but treat it like BYOD?
TWO SUPERSTARS 😁🤩😇 WE LOVE YOU GUYS.... I mean in a nice way 😁😁😁
Hey guys, great video, thanks for the content!
One thing I wasn't quite clear on: what prevents a user from using their work account in their personal folder? For example, if BYOD is set up with two versions of Outlook (one in the personal folder, one in the corporate folder), how can I restrict users from logging into Outlook with their corporate email in the personal folder?
They might do this for convenience, but the issue I see is that I wouldn't be able to manage the corporate data in this scenario, which poses a security risk.
Edit: I was thinking about using Conditional Access Policies (CAP) to ensure that Outlook only opens if the device is compliant. However, I still don’t see how this would prevent users from using their corporate email in their personal account.
We have this setup as there are a few apps we use that don't work properly in the work profile. Also, pretty sure you could never turn off the work phone mobile number as it would always be intune independent. The only possible way would be giving out a data sim only, which would only work on wifi (which would be very limiting) and using a voip system that is setup in the work profile.
The other setup this would be used in, the work profile setup, is bring your own device. Which is somewhat pointless as you can't remove a persons ability to admin their own phone. I've also had a couple of instants where, with intune installed, the work profile has become corrupted and then wiped the whole phone. Would be a nightmare on a BYOD install.
The thing Adam mentioned about the phone number.
If you call via a softphone, e.g. Webex of UC communicator you can just disable it with work profile and not getting disturbed.
I have zebra android scanners, and I was wondering about the dedicated management of these systems as they are focused tasks.
A demo of w366 with Motorola's ready for feature is definitely a good idea. I can see organizations using that instead of issuing laptops. The. Phone now becomes the thin client just plug into a USBC dock and you are ready to go.
Some might, but our users would hate it.
It's not designed for everyone, think of it for road warriors where they can just take a work phone, and plug into a screen for customer demos, where it gets complicated is a travel keyboard/mouse
It appears that on our set up a recent update somewhere has meant that now whenever a user locks their phone it additionally locks the work profile regardless of the inactivity time.
This has also affected the behaviour of Work Profile notifications. Now, when the Work Profile is locked, attempting to access a Work notification prompts for the Work Profile unlock but then doesn’t proceed to that Work app. This means that every time the app must be opened separately from the notification.
I can't seem to find a way to fix this
This doesn't work for me. As of right now, if I setup the enrollment like you have showen, then add the company portal app to my android and log in, I don't get any of the other setup options like you do, it just takes me to the apps screen and shows me "no app available". I even see a warning in the devices tab under "my andorid". Your device does not meet requirements to enroll and may not be able to gain access to some of the resources.
If you have a Samsung phone use corp versions of deploy. Samsung have installed a lot of apps for personal use and mess up intune big time. I would like to know if you can disable microsoft 365 buisiness acounts so you cant install them in the private area.
Hello guys, is this the new experience or it is because of the device model? When I enroll my Samsung A52 as personal with work profile I can see down in the screen "personal" and "work" in order to switch profile.
In your demo the result is very similar with the experience in device admin, where the work apps had that briefcase.
I will check if I have the option to turn on and off work app, but I do not think so. Is that a Pixel android 14? Thanks guys
Adam is using a Motorola device. There are some giveaways that Motorola owners know all too well and the most obvious one is the Moto app near the bottom of the home screen.
What is the mobile device minimum storage requirement?
Apparently My device does not meet the company requirements. Is there any way to find out what requirement it doesn't meet?
I get same issue. Please let me know if you find a solution👍
Look at the compliant policy applied to android devices. Look at the configuration there.