Support enrolling a device under MDM for two different organizations
Contractors/Service Provider employees generally have multiple companies they work for. One the company that pays their salary, another the company that they do the work for (clients). Intune currently do not allow enrolling a device with both the companies MDM. The user need to sign out of one MDM to enroll in another and this is a painful process. Should have a easier way to enroll the device under multiple MDM
Much needed. Please!!!!!!!!!!!
Arun Sridharan commented
please get this done. Its impacting work when MFA and CA gets enabled and tied to intune access only.
Even if mdm could only be supported in 1 environment but multiple mam support were possible that would help
I would think this would be like requesting to ask for a computer to be joined to multiple domains.
You would have to establish a trust relationship instead.
If it's not possible to join to multiple organizations by way of how MDM is supposed to work. Is it feasible perhaps that we can setup trust between multiple organizations. However, I don't see how this would be possible with a company using a different type of MDM like AirWatch, etc...
I think this is a restriction from Apple, more than Microsoft, in terms of allowing multiple device management profiles to govern the device settings. But it would be nice to figure out how this could work, especially if both companies are using Intune. I'm not sure conflicts need to be too much of a concern, as if you're using MDM you'd probably prefer a 'default deny' approach in the event of policy conflicts, and if one company decides to wipe the device, it would still be preferable to having no visibility into policy compliance (again, we'd err on the side of a user not having access than erring towards too much access).
Its. Big pain work for my client and my company. I am having really hard time with intune . Not able to configure 2 emails.
This is 200% really required for the people working in IT consultancy companies. All of us need to have access both our own office & our client accounts in inTune. But till date, MS not given any updates for this. Not sure, why they are not implementing such a common requirements
Высокая необходимость иметь в outlook 2 учетки с разных организаций.
Wow I spent half a day getting "into" a client's network only to realize it's now the only client network I can access in any useful way via my phone. Yay Microsoft!
This is one biggest pain of InTune since it was released years ago.
Yes please very helpful for vendors that support different clients/
Alternative approach would be through Switching Profiles in Mobile OS and having the Company Portal and Outlook configured for one login each profile. However there is a pain of Switching from one to another but unless Microsoft allows for configuration of two account in Company Portal this could work.
Is there any solution to configure two official emails via InTune in a single device ?
Valko Yotov commented
Many people as me work as consultants in different enterprises that use Intune and have multiple different identities.
Currently Multi-identity is supported for only 1 work account and many personal idendtities.
I can't believe Microsoft is not supporting such common scenarios when one user have several work related Multiple-identities with several different organisations that use MDM.
Would you please implement that? Otherwise I am afraid nobody will recommend Intune as serious enterprise MDM solution.
As an independent school ICT manager I see this more and more as we start to share staff and students across multiple schools all running their own MDM, more of them starting to run Intune
This would be a very welcome feature so I can treat all my users with the same guides and setup
at the moment we have separate settings for our external staff and students which are harder to manage and less secure
Darwin Dsouza commented
For all the talks in Air about collaboration tools .... Its frustrating really for not enabling collaborative features on the tools where its required and useful!
To be fair, am sure there is a concern around conflict of interests in governing the data protection, however there can be a way out i suppose.
In the Company with a production and test environment this option is needed because now it is not possible and you need more devices to do testing.
So make it able to register a device to more then one AzureAD tenant.
Scott Abbotts commented
I'm an O365 admin with several tenants/organizations, so to be able to use password-less authentication would make life so much easier.
But right now:
"One of the prerequisites to create this new, strong credential, is that the device where it resides is registered within the Azure AD tenant, to an individual user. Due to device registration restrictions, a device can only be registered in a single tenant. This limit means that only one work or school account in the Microsoft Authenticator app can be enabled for phone sign-in."
This phone sign-in option went live for public preview in September 2018, so not that long ago. But there must be lots of people out there like me that wish to use the password-less option by phone sign-in for multiple tenants.
Can someone answer us please??? We need to work properly here. Please fix it ASAP.
M de jong commented
Using flow to harvest the email into 1 single account works but its cumbersome and not secure.