Menu

How to allow access to personal Gmail in Managed Google Play contexts

Last updated: September 9, 2022

Environment

  • Knox Manage
  • Fully managed Android device
  • Personal Google account
  • Managed Google Play

Overview

In contexts where you manage Android apps with Managed Google Play, due to business need, you often want to restrict access to the public Google Play Store by preventing the personal Google account on the device from making changes in the default Play Store app. However, this has the side effect of preventing the device user from accessing their account's email through the Gmail app.

This article provides guidance on how to block the device user's access to the public Play Store app while preserving their access to their personal Gmail account.

How to allow a personal Google account to access Gmail but not the public Play Store app

  1. On the Knox Manage console, create a new profile or edit an existing profile.
  2. Click Modify Policy.
  3. Expand the Android Enterprise > System policy drawer.
  4. Set the following policies:

    • Account Modification to Allow
    • Account Modification > Allow Account in Google Play to Allow only MGP account
  5. Apply the profile:

    • If profile was already assigned, click Save and then re-apply the profile.
    • If the profile is new, click Save & Assign and assign it to the group or organization that contains the target devices.

Now, the device user can access their personal Gmail but not the public Google Play Store. Their only app source is your enterprise's store on Managed Google Play.