Support enrolling a device under MDM for two different organizations
Contractors/Service Provider employees generally have multiple companies they work for. One is the company that pays their salary, another is the company that they do the work for (clients). Intune currently does not allow enrolling a device with both companies' MDM. The user needs to sign out of one MDM to enroll in another and this is a painful process. There should be an easier way to enroll the device under multiple MDMs.
Eugene Rosenfeld commented
I need to check email from multiple clients. There is no way to do this if they are using Intune.
Sid Nk commented
I need to check mails from my payroll organization as well as from my client organization but I can't do it currently.
I don't think this would even be possible. How would it even work?
1. You're logged in as a single identity so you already have to pick which organization is going to be primary based on that alone.
2. Each organization can set contradictory settings.
3. Privacy is a huge problem. I can configure your device to send logs or always-on VPN to my organization but that would now potentially include information from other organizations.
4. Any one company could wipe the entire device. So you quit working for one company, their staff doesn't know you have a multi-enrolled device and they issue a device wipe. Now you lost data for your other clients. Are you sure you'd want that?
The best that is achievable is if every organization had their own sandbox and the device itself wasn't managed. Essentially just MAM but that's up to each organization to implement and as far as I know no OS supports this so it couldn't be implemented by the Intune team anyway.
The workaround is to pick who you want to be primary, then use web-apps for secondary.
Need this feature asap
Need this feature ASAP
Jesse Davis commented
This is an iOS and/or Android platform limitation.
Gunnar Söderman commented
This is a really important issue for anyone working with customers. Basically you need to choose who you get emails from as well as making your life really difficult when it comes to time management. In my view, Intune undoes a lot of the great things about IT, it's really much better to use a paper calendar than a phone.
Support enrolling a device under MDM for two different organizations is needed in our Organization.
Don't have enough pockets in my consultancy suit to stow away all cell phones now that I need one for every tenant mail account, not to mention the pain in my head coming from mentally consolidating all calendars. But ah, oh so secure that MDM, I'm thrilled.
And here is what AirWatch did with this:
Other MDM providers should come too. So you build a kind of trust between your MDM and the partner MDM. For some use cases this may be a solution. But still in beta...
Erik Glockling commented
Please stop voting for this! If you have already voted, remove your votes and spend them on ideas that can actually be achieved by Microsoft. This has nothing to do with Intune. This is a limitation of MDM management for both platforms: Android and iOS/iPadOS.
A must have for BYOD users
Dave Gerrard commented
The very people that promote Microsoft services at the coal face need this capability. At the moment consultants/contractors/developers have a tough time using basic Microsoft services that have been locked down with Intune because multiple logins are not allowed.
Stephen Lawson commented
This is needed for, like, all consultants that get a client account. At the moment I have to choose between getting my boss's emails or my client's emails or carrying two devices. This can't be the optimum solution.
I have been looking for this feature too on iOS. If someone finds any workaround for it, please let us know.
There’s actually a large security flaw with this not working. As much as it won’t allow you to add a second work and school account, it WILL allow you to add the second account directly to OneDrive. This second account is added, and is entirely UNPROTECTED. The protection should be applied and the strictest of the two password policies applied. Either that or BLOCK the second enrolment.
So MDM is the limitation of the actual device but it needs to be integrated into conditional access so the two Intune and O365 tenants can federate B2B and maybe have one MDM authoritative for multiple tenants.