We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer. They cannot add our corporate Intune controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?
CISO in IT Services, 9 days ago
The easiest solution is to provide them with a managed device that you are able to ensure meets your compliance requirements. At the end of the day, a handset that's not a flagship model and 2 or 3 years old will do the job perfectly well and meet most standard corporate requirements.
I've also been in the position where this impacted a large group of contractors (40+ from a single company). I had some discussions with their IT Security team and the contract people. Firstly, the contractors' controls were actually stricter than ours were, and we included in the contract with them that they must meet or exceed our security requirements and provide a monthly report on DLP, file access and abnormal user behaviors (i.e. trying to copy and paste our data into another mailbox, folder, etc.).
Otherwise, it's pretty hard and fast: if you don't comply with the security controls and policies then you can't access the data.
CISO in IT Services, 8 days ago
As it turns out, the solution here is a second phone/device you control. Nothing fancy in terms of device specs, and the conflict on the BYOD is removed. It's not ideal, meaning the end user has two devices, but it may actually improve business security. Good luck!
Microsoft apparently has this Intune issue on their radar, but it doesn't feel like it's getting a lot of attention.