Support multi MAM protected accounts per device/app
Most Microsoft apps support multi identities. Unfortunately, MAM only possible for one identity. Trying to logon to an MAN protected app with an identity from another tenant it shows message: 'The apps on this device are already managed. Only singe managed account is allowed on a device'
Dear team any update? Or link for an follow- up?
When will the problem be resolved?
It’s very important for us!
Really needed as we have a lot of contractor work in customer tenants.
Jorge de Almeida Pinto commented
In my case....
My company that pays my salary is managing my mobile phone throught Intune, and that’s OK (e.g. firstname.lastname@example.org)
Now I have. Personal Azure AD tenant with licenses to play with and for 1 single account I have bought a Office 365 Business Premium license. For that single account only I want to be able to read my mail in the same outlook app on the same phone.
My personal azure ad tenant is NOT managing the mobile phone in any way.
So my case is:
• 2 “work” accounts, 1 is for my company and 1 is personal
• work account from company is managed through intune and mobile is enrolled and read mail through outlook app
• work account from personal is not being managed in any way nor is there any intention to do so. Just want to read mail in same outlook app and same mobile phone like is possible with a free microsoft account
Agreed. We have to set multiple accounts on one device due to business requirement. We have to have multiple smartphones if it will not be solved...
We know that apps support only one managed account with MAM policy. While we have shared mailbox/delegation access mailbox requirements. Is it possible for Intune to support multiple managed accounts in the apps？
Munetaka Araki commented
I have same issue.
I work for a company that provide support to numerous companies. I already have my device registered with this company InTune account but now, company that I support will be moving from MobileIron to Intune by end of the year. Since I support IT helpdek, I really need to register my device to 2nd company's Intune account asap as a test group. This is to assist with testing phase before Go_live.
Maya Antony commented
We are also facing same issue with users coming as consultants. User already has Work account added with Intune managed by their consulting company. When they try to add second Work account (managed by us), they get error " Already workplace joined" and then 'An error has occurred'
Echo the previous comments. Any ETA on when this will be available? Adding a MAM-WE policy for a user that also is MDM managed from another company should be possible with Outlook Mobile.
Matthew Ferguson commented
We are hitting this problem as well. This particular use case is in healthcare where someone might turn up for a shift be given a device for the shift. The user then passes the device on to the next person or returns it to a charging pool of devices.
We need to give them access to azure app services under the account they sign in with and be able to deploy internally developed enterprise apps (which use the intune sdk).
We may also potentially want the app config to vary by user.
Now that more and more companies are taking up app protection policies, this really is becoming a problem. Two examples;
- service providers (contractors) often have MAM/MDM for their home company so can't use MAM from the company they happen to be working at, unless they get a second phone.
- board members work at multiple companies and hate not being able to have all their email on one device. we have to disable app protection for these people
Simon B commented
I have to say, this is a real issue in the BYOD space. I happily pay my own E5 for my household and wanted to use MAM, but I also need to enrol into my corporate MAM and I cant have both - yet :), I think you need to find a way to support two or more ****.
Ahmed Youssef commented
We have experienced this issue in two different scenarios. One with shared devices where multiple users login to the same application and MAM policy is applied. The other with shared mailboxes where multiple users have access to a shared mailbox (like helpdesk email) beside their dedicated mailbox, they were required to keep only one managed account and delete other accounts.
As this issue caused interruption to end user daily activities we had to rollback the MAM policies
We have a lot of companies who protect their data using MAM and the BYOD users that have a separate Outlook O365 account that are being protected by another Tenant, like a University, can't enroll the same device twice in separate MAM policies.