Forum Discussion
Can not login with Google workspace account under restricting Personal google account on Intune
I am considering the introduction of Android Enterprise in my company and am testing the distribution of configuration policies from Intune. The enrollment profile is set to COBO (Android Enterprise corporate owned fully managed). I do not want users to log in with their personal Google accounts, so I want them to log in to apps like Google Meet with the Google Workspace account managed by the company. However, when I set the "Restrict personal accounts" policy in Intune to block, no Google accounts can be added at all. Conversely, if I disable this setting, both personal and Google Workspace accounts can be logged in. Does anyone know a solution to this?
I received a response from Microsoft regarding this issue, and I have found the answer, so I am sharing it for future reference.
In conclusion, if you set "Personal Google Accounts" to block in Intune, you cannot add either personal or Google Workspace accounts in COBO (Android Enterprise corporate owned fully managed) and COPE(Corporate Owned Personally Enabled). Conversely, if you set "Personal Google Accounts" to Not configured (default), you can add both personal and Google Workspace accounts (verified).
Additionally, for BYOB devices, you can restrict the domains of accounts added in the work profile configuration policy. However, this is only supported for BYOB and not for COBO or COPE, meaning you cannot restrict domains in these cases.
It is unclear whether this is an issue with Google or Microsoft, but since many companies use both Microsoft 365 and Google Workspace, it would be very helpful if this specification could be improved.
I received a response from Microsoft regarding this issue, and I have found the answer, so I am sharing it for future reference.
In conclusion, if you set "Personal Google Accounts" to block in Intune, you cannot add either personal or Google Workspace accounts in COBO (Android Enterprise corporate owned fully managed) and COPE(Corporate Owned Personally Enabled). Conversely, if you set "Personal Google Accounts" to Not configured (default), you can add both personal and Google Workspace accounts (verified).
Additionally, for BYOB devices, you can restrict the domains of accounts added in the work profile configuration policy. However, this is only supported for BYOB and not for COBO or COPE, meaning you cannot restrict domains in these cases.
It is unclear whether this is an issue with Google or Microsoft, but since many companies use both Microsoft 365 and Google Workspace, it would be very helpful if this specification could be improved.
