Accounts
The Accounts settings restrict users from configuring specific types of accounts on devices.
Policy setting | Description | Supported devices |
---|---|---|
Configure restricted account types | Account types in Android are specific to an app and are created when the app makes the appropriate calls to the operating system. When an app requires authentication, it can create its own unique account type. The format of an account type is similar to the application's bundle identifier or package name. Account types, along with their associated authenticators, ensure that only trusted apps can create accounts and interact with the Android account management system. By restricting the account types, you can prevent malicious apps from creating unauthorized accounts or accessing sensitive user information. For example, | Android 5.0+ PO and DO |
Configure Allowed Accounts (Allowlist) | The accounts are considered acceptable for configuration on the device. However, this setting does not prevent users from adding accounts. The device does not detect any block-listing until the account is configured, and the device reports the data to the MaaS360 compliance engine. MaaS360 variables such as %email% and %username% are used to allowlist directory data. You can also use broader formats to add multiple accounts. Wildcards such as .*\Qstring\E.* are supported in Java™ regex syntax. Everything between "\Q" and "\E" is treated as a literal string, so characters such as '@' or '.' are interpreted as regular characters. The '.*' pattern matches any sequence of characters. For example, to support all Gmail accounts, add .*\Q@gmail.com\E.*. In this format, it is important that the . [period] comes before the * [asterisk], so that the string recognizes all potential entries that come before and after gmail.com. Devices with restricted accounts appear as out of compliance, and custom actions can be enforced if necessary. If the desired result is to restrict users from adding any accounts at all, refer to the Allow modification of accounts setting under to prevent such actions. The accounts can be configured in the Work container. All other accounts are automatically restricted. The following account placeholders are supported. The supported wildcard is .*\Qdomain\E.*. | Android 5.0+ PO and DO |
Restrict Personal Accounts in Google Play | If this setting is enabled, MaaS360 blocks the use of personal Google accounts to install apps, but allows users to add personal Google accounts (to read their email in Gmail for example). Note: | Android 5.0+ (PO, WPCO & DO) |
Configure Allowed Google Account By Domain | Allow only specific Google accounts for mail access, Play Store access, and other Google services on the device. All other accounts, such as personal accounts, are blocked. If your organization uses G Suite and enabled G Suite binding with MaaS360, use this policy to restrict Play Store access to corporate Google accounts. For example, you can allow corporate domains such as mycompany.org so that personal accounts such as gmail.com are automatically blocked. If you do not specify domains, users can add and sign in to Google services from any Google account. Note: | Android 5.0+ PO and DO |
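
The following is an added example, not MaaS360 code and not part of the original page. It runs the allowlist wildcard from the Configure Allowed Accounts row through Java's own regex engine to show what the \Q...\E quoting changes. The class and method names, the sample account names, and the full-match assumption are illustrative.

```java
import java.util.List;
import java.util.regex.Pattern;

public class AllowlistPatternCheck {

    // Build an entry in the documented .*\Qstring\E.* shape for a mail domain.
    // Pattern.quote wraps its argument in \Q...\E so '@' and '.' stay literal.
    static String entryFor(String domain) {
        return ".*" + Pattern.quote("@" + domain) + ".*";
    }

    // Assumption: an entry has to match the whole account name. The page does
    // not say whether MaaS360 uses full-match or substring semantics.
    static boolean allowed(String entry, String account) {
        return Pattern.compile(entry).matcher(account).matches();
    }

    public static void main(String[] args) {
        String documented = entryFor("gmail.com");   // .*\Q@gmail.com\E.*
        String unquoted = ".*@gmail.com.*";          // same entry without \Q...\E

        // Constructed sample account names, not taken from any device.
        List<String> accounts = List.of(
                "alice@gmail.com",
                "alice@gmailxcom",
                "alice@gmail.com.example.net",
                "bob@mycompany.org");

        System.out.printf("%-30s %-12s %-12s%n", "account", "documented", "unquoted");
        for (String account : accounts) {
            System.out.printf("%-30s %-12b %-12b%n", account,
                    allowed(documented, account), allowed(unquoted, account));
        }
    }
}
```

With these inputs, the documented entry rejects alice@gmailxcom while the unquoted entry accepts it, and both accept alice@gmail.com.example.net because the trailing .* allows any text after the domain.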