cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Android MDM

Just browsing

Android MDM

Hi all, 

 

Setting up MDM and got a few queries on the BYOD side with regards to Android phones. I have managed to enrol Android phones and it creates the works container. That is all fine but the issue I have is there is nothing I can see that stops me from preventing users from continuing to use their work mail, DUO etc on their personal profile?

 

Any ideas on how to force users to use the works profile?

 

Thanks again

 

John Paul 

2 REPLIES 2
Kind of a big deal

Re: Android MDM

>Any ideas on how to force users to use the works profile?

 

Never tried it myself - but if you are using Duo for MFA (including for email), you could enable a "Trusted Endpoint" policy so it can only be accessed from the work profile.  Note you need to be on the "Duo Beyond" plan to get this feature.

https://duo.com/docs/policy#devices-policy-settings 

 

Another painful option, and assuming you are using Exchange, would be to enable certificate-based authentication to Exchange (so usernames/passwords are disabled).  Then only deploy the certificate into the work profile.  Then only Outlook in that profile would be able to log into Exchange.

Just browsing

Re: Android MDM

Thanks Philip, will give it a go and see how we get on 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels