Friday 31 July 2015

Multi-Identity in Microsoft Intune Managed Apps


Mobile Application Management with Microsoft Intune is a really cool technology and it is improving very rapidly as new apps are released and new features are added. I previously published a series of MAM blog posts and you can find them here

Mobile Application Management with Microsoft Intune

I've just tested the latest new feature and it works really well. Multi-Identity with MAM apps was released in June 2015. Arianna Schwartz Moshary published a blog post on the Intune Team Blog introducing the feature. You can see that blog post here

Multi-Identity and Mobile App Management with Microsoft Intune

This is an extract from that blog post:

"In June, we released an update to the Microsoft Intune mobile application management (MAM) capabilities for iOS and Android that enables coexistence of policy-managed (corporate) and unmanaged (personal) accounts in a single app – this new feature is known as multi-identity".

I really liked the sound of that. Currently quite a few Intune managed apps support this feature. They are listed in this TechNet library article

For iOS: Word, Excel, PowerPoint, OneDrive, Outlook
For Android: Outlook

I couldn't resist trying it out so I deployed Outlook to a test Android device.


This is my Managed Application policy. Note that I am only allowing data transfer (e.g. cut and paste) to other managed apps.


I installed Outlook and added two email accounts - corporate and personal. It may seem pretty obvious what the difference is between corporate and personal. However, in this case, corporate specifically refers to the email account that has the same username as the account that enrolled the device in Intune.


When we launch the managed app with the corporate account configured, Outlook calls on the Intune Company Portal to verify the policy. See "Broker is processing".


Let's start with the personal email account. I can highlight some text and copy it to the clipboard...


...and I'm able to paste that text into an unmanaged app. 

Now let's switch to the corporate email account (within the same app of course).


We have to enter a PIN as we are now entering the managed container.


Same action - I can highlight the text and copy to the clipboard.


However, no matter how hard I try, I cannot paste the data to the unmanaged app.

This is seriously cool - multiple management possibilities within a managed app based on user identity.

Update - difference in behaviour between Outlook for Android and Outlook for iOS
(4th August 2015)

My colleague @pvanderwoude has pointed out to me that the container behaviour is slightly different between these two apps. I've now verified this behaviour.

Android
If you install Outlook for Android and configure a personal account, the app is not treated as a Managed App. You are not prompted for a PIN to enter the managed container. The app only seems to become managed when you configure the corporate email. At that time you are prompted to enter the PIN.

iOS
Outlook for iOS is a managed app as soon as it is installed. You are prompted to enter a PIN even if no accounts are configured (personal or corporate).


1 comment:

  1. The blog on Multi-Identity in Microsoft Intune Managed Apps is a crucial read for IT professionals navigating the complexities of identity management. It delves into the intricacies of handling multiple identities within Intune-managed applications, providing invaluable insights for enhanced security and user experience.