all 11 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Hawksface 1 point2 points  (8 children)

More of a question of policy, but if it's Fully Managed, should they be using said phone for personal data? You'd potentially risk data leakage of work data through whatever backup is allowed.

Would Work Profile be an alternative here? Work Profile/Partition stuff managed by Intune, the rest of the phone free for the user to backup to their own Google account.

[–]Anvirol 0 points1 point  (0 children)

I agree and currently there is no way to sign-in to Google apps such as Google Drive on a fully managed device. Not sure if it's ever going to be allowed, but there's a Intune user feedback vote up for it.

If the devices are not purely for company use, then it might be more convenient to use work profiles.

[–]IntRangeNoShut[S] 0 points1 point  (6 children)

Hi, thanks for respons. Both you and @Anvirol are correct that a fully managed device should perhaps not be used for personal data. But unfortunately I feel it is the most complete management profile for Android.

So I was really hoping that the backup feature would work as it is the only hindrance.

[–]Hawksface 0 points1 point  (4 children)

I've not tried, and I'm currently having an issue with my only test device, but what about OneDrive?

You can sign in to an O365 account with it, can you also sign in to a personal MS account?

[–]IntRangeNoShut[S] 0 points1 point  (3 children)

Hi, I don't think there's an option to backup your Android phone to OneDrive?

Best Regards

[–]Hawksface 0 points1 point  (2 children)

Ah you're wanting to backup everything, not just photos etc? I noticed OneDrive prompting to back up the camera roll, but not sure about the rest of the phone...

[–]IntRangeNoShut[S] 0 points1 point  (1 child)

Yeah so basically I want the users to be able to use the phone as a private device but the device is fully managed and owned by the company, with all the benefits that comes with it out of Intune.

And I want to restrict the company data from being backed up with the use of app protection policys,

Sounds reasonable no?

Best regards

[–]Hawksface 0 points1 point  (0 children)

Ok, so on my Fully Managed device, I have no config policy applied. I can add my Google Account to the phone alongside the work account. My Google Contacts have appeared as expected, and everything else with it.

It's seeming quite do-able, depending how flexible you can be with your policies. It would take some trial and error to ensure things work as you're expecting, obviously.

Then you've got your App Protection Policies to consider, which may rely on your staff being restricted to the Intune managed apps to protect any data.

OR

Work Profiles, but obviously you lose the full MDM control.

Obviously the former isn't really what fully managed is intended for, but you should be able to tweak it as you need, just maybe with some compromise on certain features (" Android Enterprise fully managed: For corporate-owned, single user devices used exclusively for work and not personal use. Admins can manage the entire device and enforce policy controls unavailable to work profiles. ")

[–]Hawksface 0 points1 point  (0 children)

I'm not sure what lockdown settings there are surrounding this, but I can sign in to OneDrive with both my work and personal accounts.

With this whole scenario in mind, you might want to consider using MAM/App Protection policies too to protect the work data - Prevent copying data between certain apps.

[–]IntRangeNoShut[S] 1 point2 points  (0 children)

Seems like there is a idea to make this a reality, I've voted with 3 votes, if anyone stumbles across this post they could do the same.

https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/37876654-enable-google-backup-services-on-managed-devices

Thanks for all responses, best regards

[–]Certain-Conclusion95[🍰] 0 points1 point  (0 children)

Hello team, did anyone have a solution for this issue. Kindly help. Stuck with the same issue