Forum Discussion
Solved
Guidance with Outlook App Configuration Policies and Conf.Keys for Android
First off, I'm referring to the Configuration Key com.microsoft.intune.mam.AllowedAccountUPNs, documented here https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-...
FYI in case anyone else gets in their own way like I do/did...
The answer is that we still use "valueString" as the type, but then we separate UPNs in our list using semicolon instead of comma. I found this info here:
Specifically:
Allow only configured organization accounts in multi-identity apps
As the Microsoft Intune administrator, you can control which work or school accounts are added to Microsoft apps on managed devices. You can limit access to only allowed organization user accounts and block personal accounts on enrolled devices. For Android devices, use the following key/value pairs in a Managed Devices app configuration policy:
Key: com.microsoft.intune.mam.AllowedAccountUPNsValues:
- One or more ; delimited UPNs.
- Only account(s) allowed are the managed user account(s) defined by this key.
- For Intune enrolled devices, the {{userprincipalname}} token may be used to represent the enrolled user account.
"Only account(s) allowed are the managed user account(s) defined by this key." is oddly-written but oh well.
Do you have examples with screenshots? Because this is not clear what you describe here.
Here's a quick screenshot from my current lab env. Still looks mostly the same. Once you turn on Work Accounts only, you will see the AllowedAccountUPNs configuration key show up. In the view I am showing below, the value type is just "string" (not "valueString"), so that is different from what I described back in 2020. Nonetheless, it is the {{UserPrincipalName}} area which I was referring to that takes semi-colon-delimited UPNs:
I should state, I'm a little out of touch on this topic right now and it is 5 years later so things may have changed some. I'm scratching my head on this one a little bit trying to remember the exact use case I had. I feel like it must have been a decidated app configuration profile to deploy to a specific set of users who need to have a specific additional mailbox(es) added to their mobile Outlook. Hope this answer clears up what you were after.
Hello, I don't understand how I can configure an additional mailbox. if i set to enable "allow only work account", i can only configure principal mailbox.
thank you
