Confirmed that it is currently by design that conditional access allows only one identity per device at this time. We hear that you need this and we’re looking into it. I’ve changed the title and category to indicate that this is related to conditional access.
Again, this is just for multiple identities from the same company. If you’re looking for having one device with identities from two different companies for MDM, that idea is here:
And if you’re looking for having multiple identities for MAM, that idea is here: https://microsoftintune.uservoice.com/forums/291681/suggestions/34627435
An error occurred while saving the commentHuw commented
I can see this may be difficult but it is much needed! If it was possible to separate the domain join from compliance. At the moment a device needs to be joined to evaluate compliance, but it should be possible to evaluate compliance independently from being joined. Compliance is just a set of tests so surely a device could be compliant with multiple domains even if not joined, then if necessary 'domain joined' could be added as a compliance test if required, rather than a pre-requisite?