Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Intune

Support enrolling a device under MDM for two different organizations

Contractors/Service Provider employees generally have multiple companies they work for. One the company that pays their salary, another the company that they do the work for (clients). Intune currently do not allow enrolling a device with both the companies MDM. The user need to sign out of one MDM to enroll in another and this is a painful process. Should have a easier way to enroll the device under multiple MDM

568 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • sso
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Arulprakash Selvam shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    36 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Even if mdm could only be supported in 1 environment but multiple mam support were possible that would help

      • Anonymous commented  ·   ·  Flag as inappropriate

        I would think this would be like requesting to ask for a computer to be joined to multiple domains.
        You would have to establish a trust relationship instead.

        If it's not possible to join to multiple organizations by way of how MDM is supposed to work. Is it feasible perhaps that we can setup trust between multiple organizations. However, I don't see how this would be possible with a company using a different type of MDM like AirWatch, etc...

      • Esteban commented  ·   ·  Flag as inappropriate

        I think this is a restriction from Apple, more than Microsoft, in terms of allowing multiple device management profiles to govern the device settings. But it would be nice to figure out how this could work, especially if both companies are using Intune. I'm not sure conflicts need to be too much of a concern, as if you're using MDM you'd probably prefer a 'default deny' approach in the event of policy conflicts, and if one company decides to wipe the device, it would still be preferable to having no visibility into policy compliance (again, we'd err on the side of a user not having access than erring towards too much access).

      • Sundaresan commented  ·   ·  Flag as inappropriate

        Its. Big pain work for my client and my company. I am having really hard time with intune . Not able to configure 2 emails.

      • Anonymous commented  ·   ·  Flag as inappropriate

        This is 200% really required for the people working in IT consultancy companies. All of us need to have access both our own office & our client accounts in inTune. But till date, MS not given any updates for this. Not sure, why they are not implementing such a common requirements

      • Данила commented  ·   ·  Flag as inappropriate

        Высокая необходимость иметь в outlook 2 учетки с разных организаций.

      • Brian commented  ·   ·  Flag as inappropriate

        Wow I spent half a day getting "into" a client's network only to realize it's now the only client network I can access in any useful way via my phone. Yay Microsoft!

      • Vlad commented  ·   ·  Flag as inappropriate

        This is one biggest pain of InTune since it was released years ago.

      • Shreyas commented  ·   ·  Flag as inappropriate

        Alternative approach would be through Switching Profiles in Mobile OS and having the Company Portal and Outlook configured for one login each profile. However there is a pain of Switching from one to another but unless Microsoft allows for configuration of two account in Company Portal this could work.

      • Anand commented  ·   ·  Flag as inappropriate

        Is there any solution to configure two official emails via InTune in a single device ?

      • Valko Yotov commented  ·   ·  Flag as inappropriate

        Many people as me work as consultants in different enterprises that use Intune and have multiple different identities.

        Currently Multi-identity is supported for only 1 work account and many personal idendtities.

        I can't believe Microsoft is not supporting such common scenarios when one user have several work related Multiple-identities with several different organisations that use MDM.

        Would you please implement that? Otherwise I am afraid nobody will recommend Intune as serious enterprise MDM solution.

      • Anonymous commented  ·   ·  Flag as inappropriate

        As an independent school ICT manager I see this more and more as we start to share staff and students across multiple schools all running their own MDM, more of them starting to run Intune
        This would be a very welcome feature so I can treat all my users with the same guides and setup
        at the moment we have separate settings for our external staff and students which are harder to manage and less secure

      • Darwin Dsouza commented  ·   ·  Flag as inappropriate

        For all the talks in Air about collaboration tools .... Its frustrating really for not enabling collaborative features on the tools where its required and useful!

        To be fair, am sure there is a concern around conflict of interests in governing the data protection, however there can be a way out i suppose.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Same here.

        In the Company with a production and test environment this option is needed because now it is not possible and you need more devices to do testing.

        So make it able to register a device to more then one AzureAD tenant.

      • Scott Abbotts commented  ·   ·  Flag as inappropriate

        I'm an O365 admin with several tenants/organizations, so to be able to use password-less authentication would make life so much easier.

        https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in

        But right now:

        "One of the prerequisites to create this new, strong credential, is that the device where it resides is registered within the Azure AD tenant, to an individual user. Due to device registration restrictions, a device can only be registered in a single tenant. This limit means that only one work or school account in the Microsoft Authenticator app can be enabled for phone sign-in."

        This phone sign-in option went live for public preview in September 2018, so not that long ago. But there must be lots of people out there like me that wish to use the password-less option by phone sign-in for multiple tenants.

      • Sara commented  ·   ·  Flag as inappropriate

        Can someone answer us please??? We need to work properly here. Please fix it ASAP.

      • M de jong commented  ·   ·  Flag as inappropriate

        Using flow to harvest the email into 1 single account works but its cumbersome and not secure.

      ← Previous 1

      Feedback and Knowledge Base