Support enrolling a device under MDM for two different organizations
Contractors/Service Provider employees generally have multiple companies they work for. One the company that pays their salary, another the company that they do the work for (clients). Intune currently do not allow enrolling a device with both the companies MDM. The user need to sign out of one MDM to enroll in another and this is a painful process. Should have a easier way to enroll the device under multiple MDM
As an independent school ICT manager I see this more and more as we start to share staff and students across multiple schools all running their own MDM, more of them starting to run Intune
This would be a very welcome feature so I can treat all my users with the same guides and setup
at the moment we have separate settings for our external staff and students which are harder to manage and less secure
Darwin Dsouza commented
For all the talks in Air about collaboration tools .... Its frustrating really for not enabling collaborative features on the tools where its required and useful!
To be fair, am sure there is a concern around conflict of interests in governing the data protection, however there can be a way out i suppose.
In the Company with a production and test environment this option is needed because now it is not possible and you need more devices to do testing.
So make it able to register a device to more then one AzureAD tenant.
Scott Abbotts commented
I'm an O365 admin with several tenants/organizations, so to be able to use password-less authentication would make life so much easier.
But right now:
"One of the prerequisites to create this new, strong credential, is that the device where it resides is registered within the Azure AD tenant, to an individual user. Due to device registration restrictions, a device can only be registered in a single tenant. This limit means that only one work or school account in the Microsoft Authenticator app can be enabled for phone sign-in."
This phone sign-in option went live for public preview in September 2018, so not that long ago. But there must be lots of people out there like me that wish to use the password-less option by phone sign-in for multiple tenants.
Can someone answer us please??? We need to work properly here. Please fix it ASAP.
M de jong commented
Using flow to harvest the email into 1 single account works but its cumbersome and not secure.
Same issue here. Pathetic and frustrating
Great work Microsoft. :D Not a single comment from your side still.
In healthcare -jumping between 3 organizations which all require MDM for use of email has prevented me from keeping up on email or forcing me to choose one organization. For Microsoft to not think this through is a travesty.
Surprise surprise. No comment from MS on this at all in the year since it was logged here.
Our organization has this issue too. We're in the middle of splitting the company up. Our email addresses are on the original domain, but our SharePoint site has been migrated to the new domain. We'll have this issue until the spin-off is complete. Pretty frustrating.
Same situation here. It's also a huge problem working as consult within IT
Thomas L. Burleigh commented
Same situation here. Microsoft really needs to upgrade MDM to permit permissible multiple management use cases.
YES PLEASE I AM ALSO NOT ABLE TO CONFIGURE TWO ACCOUNTS
I am in health-care and I need this. My employer requires MDM to have email on my phone, and the hospital where we provide our services requires MDM for both email AND for remote access to the electronic medical record. Please provide a way to be simultaneously logged in at once.
Limiting each device to one MDM instance is frustrating, we are an organisation that frequently undertakes work with large user estate within a Joint Venture set up. Currently, we are having to issue separate hardware for the JV to use because the smart device estate has been issued with JV PARTNER A apple DEP and MDM deployed from source. These devices need to connect to JV PARTNER B in order to connect to the JV Email System. The only way to achieve this is by removing JV PARTNER A's MDM and replace it with JV PARTNER B's MDM. This is disallowed by JV PARTNER A as this is against their Cyber Essentials+ Policy. So the only solution is to provide all users with new smartphones. When will this be addressed???
Thomas N. Carruthers commented
This is a huge issue for us in the healthcare industry. Our hospital system (who is not our employer) requires InTune MDM for access to their e-mail, forcing our physicians to choose between their e-mail and our own organizational O365 e-mail. Please prioritize this.
Not just companies and contract staff - also many joint venture organisations where staff need to access JV systems and parent organisations...
Soumya P Parida commented
This needs a bump up. Multiple account from same org is ahead in votes and I can not guess why that is more important than this?
Lei Chen commented
Yes, we need a easier way to enroll the device under multiple MDM, this is no good design to limit only one MDM.