Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Endpoint Manager Intune?

← Ideas

Support enrolling a device under MDM for two different organizations

Contractors/Service Provider employees generally have multiple companies they work for. One the company that pays their salary, another the company that they do the work for (clients). Intune currently do not allow enrolling a device with both the companies MDM. The user need to sign out of one MDM to enroll in another and this is a painful process. Should have a easier way to enroll the device under multiple MDM

1,538 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google Microsoft Intune
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Arulprakash Selvam shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

92 comments

Sign in
(thinking…)
Sign in with: Facebook Google Microsoft Intune
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Hans commented  ·   ·  Flag as inappropriate

    Don't have enough pockets in my consultancy suit to stow away all cell phones now I need one for my every tenant mailaccount, not to mention the pain in my head coming from mentally consolidating all calendars. But ah, oh so secure that MDM, I'm thrilled

  • Anonymous commented  ·   ·  Flag as inappropriate

    Check:
    https://docs.microsoft.com/en-us/graph/api/resources/intune-onboarding-compliancemanagementpartner?view=graph-rest-beta
    and here is was AirWatch did with this:
    https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Directory_Service_Integration/GUID-800FB831-AA66-4094-8F5A-FA5899A3C70C.html
    Other MDM Providers should come to. So you build a kind of Trust between your MDM and the partner MDM. for some use cases may be a solution. But still in Beta...

  • Erik Glockling commented  ·   ·  Flag as inappropriate

    Please stop voting for this! If you have already voted, remove your votes and spend them on ideas that can actually be achieved by Microsoft. This has nothing to do with Intune. This is a limitation of MDM management for both platforms; Android and iOS/iPadOS.

  • Dave Gerrard commented  ·   ·  Flag as inappropriate

    The very people that promote Microsoft services at the coal face need this capability. At the moment consultants/contractors/developers have a tough time using basic Microsoft services that have been locked down with Intune because multiple logins are not allowed.

  • Stephen Lawson commented  ·   ·  Flag as inappropriate

    This is needed for like : All consultants that get a client account.. at the moment i have to choose between getting my boss emails or my clients emails or carrying two devices.. this can't be the optimum solution.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I have been looking for this feature too on ios. If someone find any work around for it, please let us know.

  • Ben commented  ·   ·  Flag as inappropriate

    There’s actually a large security flaw with this not working. As much as It won’t allow you to add a second work and school account, it WILL allow you to add the second account directly to OneDrive. This second account is added, and is entirely UNPROTECTED. The protection should be applied and the strictest of the two password policies applied. Either that or BLOCK the second enrolment.

  • Anonymous commented  ·   ·  Flag as inappropriate

    So MDM is the limitation of the actual device but it needs to be integrated into condtional access so the two intune and o365 tenants can federate B2B and maybe have one MDM authorative for multiple tenants

  • Matt Storms commented  ·   ·  Flag as inappropriate

    This is a common scenario and much needed. Why not have the more restrictive of the 2 MDM policies take precedence?

  • dmanson commented  ·   ·  Flag as inappropriate

    Having the same issue, A way to enrol devices on 2 tenants would be great even if the 2nd profile couldn't enforce any actual restrictions that would conflict with the primary MDM Account, our scenario would be that the device is enrolled in intune and is compliant (Compliance Policy with some basic settings like bitlocker enforced, AV Installed, Passwords In Use Etc.

    This would save us opening up accounts to everywhere for contractors that are employed by someone else but require access to email / sharepoint in our company.

  • VIKAS PANDEY commented  ·   ·  Flag as inappropriate

    I am also facing this, in my case the client is Google and my company has outlook. When I tried to install company portal then it shows that Google's work profile will be deleted and vice versa.

    I also need to install both on my device. Isn't there any way to have 2 work profile on same device.

  • Ananth commented  ·   ·  Flag as inappropriate

    MDM providers needs to follow a protocol that control their own data and restrict other data is getting exposed.

    Much needed to manage work efficiently using BYOD. We cant bring multiple device to manage the work.
    ++1

  • PiersMH-DwrCymru commented  ·   ·  Flag as inappropriate

    This is an awful / un-achievable idea. In short, what happens when both MDM's apply conflicting passcode policies to the same device; which wins?

    I understand the scenario's given, but this isn't the solution to any presented.

    As per another comment, this is a limitation of MDM's not Intune. Unless "all the MDM providers" get together, this isn't going to happen.

  • Tom Plant commented  ·   ·  Flag as inappropriate

    Seems like the issue here is from non-ideal AzureAD tenant architecture (ie mergers/acquisitions, individuals creating their own tenants, using corporate management on BYOD devices). But the real world isn't perfect, so I can understand wanting a workaround. Not sure if it's technically possible though, especially relying on vendors like Apple...

  • Anonymous commented  ·   ·  Flag as inappropriate

    Not everyone works for one company. If MS wants inTune to be the dominant product they need to allow the configuration to be more flexible and allow this

  • John Ward commented  ·   ·  Flag as inappropriate

    I have a work account, and I am also involved with a non profit. Both need to be enrolled, This is badly needed.

  • Johnson George commented  ·   ·  Flag as inappropriate

    This is a much awaited requirement for any multi national organizations... not sure why Microsoft is ignoring the enterprise community.

← Previous 1 3 4 5

Ideas: Mobile Device Management (general)

Categories

Feedback and Knowledge Base

(thinking…)