Hi, thanks for reaching out to Hexnode Connect!
I understand your scenario. Because the devices are enrolled with a work profile, Hexnode’s management capabilities are strictly confined to that secure container to protect user privacy. We essentially have zero visibility or control over what the user installs on the personal side of their phone.
Since UEMs cannot block app installations on a personal profile, the trick is to restrict where that corporate account is allowed to authenticate. To stop this behavior, you will need to utilize Microsoft Entra ID (formerly Azure AD) Conditional Access policies in tandem with Hexnode.
Here is how you can lock that down:
- The Restriction: Configure an Entra ID policy that requires a Managed App or App Protection Policy to access Office 365 resources.
- The Result: Conditional Access will automatically block sign-in attempts from the personal Outlook app, forcing users to utilize the managed version inside the work profile.
- The Security: This ties identity to device management, keeping your corporate data strictly locked inside the secure container and preventing leaks to the personal side.
Check out our detailed walkthrough on how to bridge Entra ID and Hexnode to get this exact policy up and running:
Let me know if you run into any roadblocks while configuring the integration!
Best regards,
George
Hexnode UEM
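
As an added example (not part of the reply above and not Hexnode's or Microsoft's own script), the Entra ID side of the restriction described in the reply can be created with the Microsoft Graph PowerShell SDK. The policy name, the placeholder exclusion account ID, the Android-only platform scope and the report-only starting state are assumptions made for illustration.

```powershell
# Added example: Conditional Access policy that requires an approved client app
# or an app protection policy for Office 365 on Android.
# Requires the Microsoft.Graph.Identity.SignIns module.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder (assumption): object ID of an emergency-access account that is
# excluded so a misconfiguration cannot lock every administrator out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require managed app for Office 365 on Android'  # hypothetical name
    # Report-only: evaluated and logged, but sign-ins are not blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        # 'Office365' is the built-in app group covering Exchange Online, SharePoint, Teams, etc.
        applications   = @{ includeApplications = @('Office365') }
        platforms      = @{ includePlatforms = @('android') }
        clientAppTypes = @('mobileAppsAndDesktopClients')
    }
    grantControls = @{
        # OR: either control satisfies the policy.
        operator        = 'OR'
        builtInControls = @(
            'approvedApplication',   # "Require approved client app"
            'compliantApplication'   # "Require app protection policy"
        )
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the sign-in logs while the policy is report-only to confirm which sign-ins it would block, then set `state` to `enabled` to enforce it.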