Setting up MDM and got a few queries on the BYOD side with regards to Android phones. I have managed to enrol Android phones and it creates the works container. That is all fine but the issue I have is there is nothing I can see that stops me from preventing users from continuing to use their work mail, DUO etc on their personal profile?
Any ideas on how to force users to use the works profile?
>Any ideas on how to force users to use the works profile?
Never tried it myself - but if you are using Duo for MFA (including for email), you could enable a "Trusted Endpoint" policy so it can only be accessed from the work profile. Note you need to be on the "Duo Beyond" plan to get this feature.
Another painful option, and assuming you are using Exchange, would be to enable certificate-based authentication to Exchange (so usernames/passwords are disabled). Then only deploy the certificate into the work profile. Then only Outlook in that profile would be able to log into Exchange.