This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 15%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Hi All,
Please clarify the below points, My company wanted to enroll the users Android and iOS BYOD devices in to Microsoft Intune.
Requirement 1 : I am planning to use the enrollment type "user enrollment with company profile" for iOS/iPads for BYOD devices, then create compliance policies, apply app protection policies and App deployment policies
Requirement 2 : I am planning to use "Android for Work profile" for Android BYOD devices, then create compliance policies, apply app protection policies and App deployment policies
Before i proceed further on these requirements, My question is, If users were using their personal devices with few apps, for example outlook for IOS APP or outlook for Android APP configured with users personal E-mail profile, If we wanted to manage outlook for IOS APP or outlook for Android APP through Microsoft Intune, Should we need to ask the users to remove the outlook App from their personal devices, and then do we need deploy the same outlook APP from Microsoft Intune to IOS and Android BYOD devices ?
Not only for Outlook APP, How we can handle this type of situations when the apps that we wanted to deploy and manage through Microsoft Intune is already present in the user BYOD devices (Android and IOS) ?
@Rudy Ooms if you could share your thoughts it would be really helpful
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Nithyanandham Singaravadivelu, Thanks for posting in Q&A.
For your issue, you can manage apps deployed from Intune as well as non-Intune deployed apps via Intune policy.
And please note that the application must be an Intune protected app.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps
Hope it will help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Lets take the below mentioned scenario's
Scenario 1 : For IOS\Ipads personal devices enrollment to Intune
I have a enrollment profile created in Microsoft Intune for "user enrollment with the company portal", I am going to ask my users to enroll their personal iOS devices via Intune company portal, the user's personal device already has the outlook App installed and configured with the personal email profile. In this case, After the device is enrolled in to Microsoft Intune, I wanted to protect the corporate data accessed by the users in outlook App.
Scenario 2 : For Android personal devices enrollment to Intune
I am going to ask my users to enroll their personal Android devices via Android for Work profile method, the user's personal device already has the outlook App installed and configured with the personal email profile. In this case, After the device is enrolled in to Microsoft Intune, I wanted to protect the corporate data accessed by the users in outlook App. In this case, After the device is enrolled in to Microsoft Intune, I wanted to protect the corporate data accessed by the users in outlook App.
@Nithyanandham Singaravadivelu, Thanks for your reply.
When the device is enrolled to Intune, the Outlook application that already exists in the user's personal device can only be used in the personal container, if you want to protect the corporate data accessed by user, you need to deploy a new Outlook to work container via Intune first, and then create an app protection policy and assign it to the work account, so that the personal account can't access the corporate data, while work account can access corporate data in the work container.
Thank you for your prompt response on this.
I understand the response what you have given is applicable for both Android and IOS devices personally enrolled in to Microsoft Intune
Also, this App segregation between work and personal container is applicable for all other Microsoft apps as well and not only for outlook
Please confirm on this, thank you
@Nithyanandham Singaravadivelu, Thanks for your reply.
Based to my search, only Microsoft Intune protected apps support application isolation between work and personal containers, here is a link about Microsoft Intune protected apps you can refer.
https://learn.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps
@Nithyanandham Singaravadivelu, Hope things going well.
May I know above information is helpful? if there is any confusion, feel free to let me know.