Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

How can we improve Microsoft Endpoint Manager Intune?

← Ideas

Support enrolling a device under MDM for two different organizations

Contractors/Service Provider employees generally have multiple companies they work for. One the company that pays their salary, another the company that they do the work for (clients). Intune currently do not allow enrolling a device with both the companies MDM. The user need to sign out of one MDM to enroll in another and this is a painful process. Should have a easier way to enroll the device under multiple MDM

2,054 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Arulprakash Selvam shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

104 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Microsoft needs to implement this at a MAM level so you can manage office apps on a system controlled by another EMM solution.

    And for any who try to release Microsoft from any responsibility in this area please remember that Microsoft has anti-competitively leveraged their position with Exchange/Office in the Enterprise to say that ONLY INTUNE can manage any Security for the Mobile Office apps. This forces every company who needs to secure these apps to consider InTune even when InTune cannot compare with other EMM solutions in the market and is unable meet all of the needs fulfilled those other EMM solutions. This basically forces every major Enterprise who has an EMM to consider a dual enrollment of Intune and their existing EMM. Otherwise, it anti-competitively forces EMM migrations to the currently inferior InTune product. Microsoft needs to be held accountable here and provide a workable solution for those who have reasons to use other EMM's for their needs but still have obligations to secure Office 365 mobile app data.

  • Laszlo Kapus commented  ·   ·  Flag as inappropriate

    Use MAM?

    MDM for 2 different organisations is a security risk not to mention it's in the name:
    Mobile Device Management
    It's like having 2 drivers with one steering wheel, throttle and brake pedal.

    One organisation enforces encryption, the other doesn't.... aso.

    We had contractors in the past, with Intune enrolled devices and I was able to add them to our MAM group and they were able to access our O365 applications.

    MDM for corporate owned devices
    MAM / MAM-WE for BYOD

    This works well.
    Imagine wiping a device what is not owned by your corporation - think on the legal consequences!

  • David commented  ·   ·  Flag as inappropriate

    I run [the technical side of] a charity that people generously volunteer their time to support. Our Office 365 systems hold *personal* and *sensitive* (as defined by GDPR) data and we thusly need to protect that data.

    All (that's 100%) of our volunteers access our systems using personal devices (BYOD) and work for other companies that have their own MDM solutions in place, therefore, I am unable to use the Intune licenses we have purchased entirely due to this restriction i.e. not being unable to enrol within more than one MDM.

    Please, please, please fix this.

    p.s. do you have any idea how difficult it is to comply with GDPR without a viable MDM solution? And you can just forget trying to become Cyber Essentials certified (https://www.ncsc.gov.uk/cyberessentials)!

  • Sid Nk commented  ·   ·  Flag as inappropriate

    I need to check mails from my payroll organization as well as from my client organization but I cant do it currently.

  • Steven commented  ·   ·  Flag as inappropriate

    I don't think this would even be possible. How would it even work?

    Problems:
    1. You're logged in as a single identity so you already have to pick which organization is going to be primary based on that alone.
    2. Each organization can set contradictory settings.
    3. Privacy is a huge problem. I can configure your device to send logs or always-on VPN to my organization but that would now potentially include information from other organizations.
    4. Any one company could wipe the entire device. So you quit working for one company, their staff doesn't know you have a multi-enrolled device and they issue a device wipe. Now you lost data for your other clients. Are you sure you'd want that?

    The best that is achievable is if every organization had their own sandbox and the device itself wasn't managed. Essentially just MAM but that's up to each organization to implement and as far as I know no OS supports this so it couldn't be implemented by the Intune team anyway.

    The workaround is to pick which who you want to be primary then use web-apps for secondary.

  • Gunnar Söderman commented  ·   ·  Flag as inappropriate

    This is a really important issue for anyone working with customers. Basically you need to choose who you get emails from as well as making your life really difficult when it come to time management. In my view, Intuen undoes a lot of the great things about IT, its really much better to use a paper calendar than a phone.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Support enrolling a device under MDM for two different organizations is needed in our Organization.

  • Hans commented  ·   ·  Flag as inappropriate

    Don't have enough pockets in my consultancy suit to stow away all cell phones now I need one for my every tenant mailaccount, not to mention the pain in my head coming from mentally consolidating all calendars. But ah, oh so secure that MDM, I'm thrilled

  • Anonymous commented  ·   ·  Flag as inappropriate

    Check:
    https://docs.microsoft.com/en-us/graph/api/resources/intune-onboarding-compliancemanagementpartner?view=graph-rest-beta
    and here is was AirWatch did with this:
    https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Directory_Service_Integration/GUID-800FB831-AA66-4094-8F5A-FA5899A3C70C.html
    Other MDM Providers should come to. So you build a kind of Trust between your MDM and the partner MDM. for some use cases may be a solution. But still in Beta...

  • Erik Glockling commented  ·   ·  Flag as inappropriate

    Please stop voting for this! If you have already voted, remove your votes and spend them on ideas that can actually be achieved by Microsoft. This has nothing to do with Intune. This is a limitation of MDM management for both platforms; Android and iOS/iPadOS.

  • Dave Gerrard commented  ·   ·  Flag as inappropriate

    The very people that promote Microsoft services at the coal face need this capability. At the moment consultants/contractors/developers have a tough time using basic Microsoft services that have been locked down with Intune because multiple logins are not allowed.

  • Stephen Lawson commented  ·   ·  Flag as inappropriate

    This is needed for like : All consultants that get a client account.. at the moment i have to choose between getting my boss emails or my clients emails or carrying two devices.. this can't be the optimum solution.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I have been looking for this feature too on ios. If someone find any work around for it, please let us know.

← Previous 1 3 4 5 6

Ideas: Mobile Device Management (general)

Categories

Feedback and Knowledge Base

(thinking…)