Android MDM

Just browsing

Android MDM

Hi all, 


Setting up MDM and got a few queries on the BYOD side with regards to Android phones. I have managed to enrol Android phones and it creates the works container. That is all fine but the issue I have is there is nothing I can see that stops me from preventing users from continuing to use their work mail, DUO etc on their personal profile?


Any ideas on how to force users to use the works profile?


Thanks again


John Paul 

Kind of a big deal

>Any ideas on how to force users to use the works profile?


Never tried it myself - but if you are using Duo for MFA (including for email), you could enable a "Trusted Endpoint" policy so it can only be accessed from the work profile.  Note you need to be on the "Duo Beyond" plan to get this feature. 


Another painful option, and assuming you are using Exchange, would be to enable certificate-based authentication to Exchange (so usernames/passwords are disabled).  Then only deploy the certificate into the work profile.  Then only Outlook in that profile would be able to log into Exchange.

Thanks Philip, will give it a go and see how we get on 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.