How to block the addition of unmanaged accounts on devices
Last updated July 26th, 2023
Categories:
Environment
- Knox Manage (KM)
- Android Enterprise (AE): Device Owner (DO)/Profile Owner (PO) modes
Overview
This article will explain how to block the addition of selected account types (e.g.: Google account, or Samsung account) without completely blocking other accounts. This will allow blocking unmanaged accounts on fully managed devices and work profiles, for Samsung devices as well as for devices of other manufacturers.
How to block the addition of unmanaged accounts on the device?
- On the left sidebar of your KM console, click Profile, then click Modify Policy
- Go to Android Enterprise
- Search for System > Account Modification
- Click the menu for the option you wish to configure (device or work profile) and change it to Allow
- Go to Account Blocklist
- Click the + sign to add the accounts variable names
- Add the variable names of the accounts you want to block
Universal variables for Samsung and other manufacturers:
com.google -- Google accounts
com.google.work - managed Android Enterprise accounts in Gmail email app
com.google.android.gm.legacyimap - IMAP accounts in Gmail email app
com.google.android.gm.pop3 -- POP3 accounts in Gmail email app
com.google.android.gm.exchange - Exchange accounts in Gmail email app
Samsung devices:
com.osp.app.signin -- Samsung accounts
com.samsung.android.email -- Email accounts in Samsung email app
com.samsung.android.exchange - Exchange accounts in Samsung email app
com.samsung.android.ldap -- LDAP accounts in Samsung email app
- Click Save > OK
- Click Apply > OK
On this page
Is this page helpful?