Google Android 11 must be configured to disable multi-user modes.
Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies. SFR ID: FMT_SMF_EXT.1.1 #47b
Configure the Google Android 11 device to disable multi-user modes. On the EMM console: 1. Open "Set user restrictions". 2. Toggle "Disallow modify accounts" to On.
Review documentation on the Google Android device and inspect the configuration on the Google Android device to disable multi-user modes. This validation procedure is performed on both the EMM Administration Console and the Android 11 device. On the EMM console, do the following: 1. Open "Set user restrictions". 2. Verify that "Disallow modify accounts" is toggled to On. On the Android 11 device, do the following: 1. Go to Settings >> Accounts>> Work. 2. Validate that "Add Account" is grayed out. If the EMM console device policy is not set to disable multi-user modes or on the Android 11 device, the device policy is not set to disable multi-user modes, this is a finding.