Menu

How to block the addition of unmanaged accounts on devices

Environment

  • Knox Manage (KM)
  • Android Enterprise (AE): Device Owner (DO)/Profile Owner (PO) modes

Overview

This article will explain how to block the addition of selected account types (e.g.: Google account, or Samsung account) without completely blocking other accounts. This will allow blocking unmanaged accounts on fully managed devices and work profiles, for Samsung devices as well as for devices of other manufacturers.

How to block the addition of unmanaged accounts on the device?

  1. On the left sidebar of your KM console, click Profile, then click Modify Policy
  2. Go to Android Enterprise
  3. Search for System > Account Modification
  4. Click the menu for the option you wish to configure (device or work profile) and change it to Allow
  5. Go to Account Blocklist
  6. Click the “ + “ sign to add the accounts variable names
  7. Add the variable names of the accounts you want to block
											

Universal variables for Samsung and other manufacturers:

com.google – Google accounts com.google.work - managed Android Enterprise accounts in Gmail email app com.google.android.gm.legacyimap - IMAP accounts in Gmail email app com.google.android.gm.pop3 – POP3 accounts in Gmail email app com.google.android.gm.exchange - Exchange accounts in Gmail email app
												

Samsung devices:

com.osp.app.signin – Samsung accounts com.samsung.android.email – Email accounts in Samsung email app com.samsung.android.exchange - Exchange accounts in Samsung email app com.samsung.android.ldap – LDAP accounts in Samsung email app
  1. Click Save > OK
  2. Click Apply > OK