Support multi MAM protected accounts per device/app
Most Microsoft apps support multi identities. Unfortunately, MAM only possible for one identity. Trying to logon to an MAN protected app with an identity from another tenant it shows message: 'The apps on this device are already managed. Only singe managed account is allowed on a device'
Echo the previous comments. Any ETA on when this will be available? Adding a MAM-WE policy for a user that also is MDM managed from another company should be possible with Outlook Mobile.
Matthew Ferguson commented
We are hitting this problem as well. This particular use case is in healthcare where someone might turn up for a shift be given a device for the shift. The user then passes the device on to the next person or returns it to a charging pool of devices.
We need to give them access to azure app services under the account they sign in with and be able to deploy internally developed enterprise apps (which use the intune sdk).
We may also potentially want the app config to vary by user.
Now that more and more companies are taking up app protection policies, this really is becoming a problem. Two examples;
- service providers (contractors) often have MAM/MDM for their home company so can't use MAM from the company they happen to be working at, unless they get a second phone.
- board members work at multiple companies and hate not being able to have all their email on one device. we have to disable app protection for these people
Simon B commented
I have to say, this is a real issue in the BYOD space. I happily pay my own E5 for my household and wanted to use MAM, but I also need to enrol into my corporate MAM and I cant have both - yet :), I think you need to find a way to support two or more ****.
Ahmed Youssef commented
We have experienced this issue in two different scenarios. One with shared devices where multiple users login to the same application and MAM policy is applied. The other with shared mailboxes where multiple users have access to a shared mailbox (like helpdesk email) beside their dedicated mailbox, they were required to keep only one managed account and delete other accounts.
As this issue caused interruption to end user daily activities we had to rollback the MAM policies
We have a lot of companies who protect their data using MAM and the BYOD users that have a separate Outlook O365 account that are being protected by another Tenant, like a University, can't enroll the same device twice in separate MAM policies.