We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer. They cannot add our corporate Intune controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Director of Information Security, 9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this limitation. Additionally, Teams, Outlook, Word, and Excel all support multiple identities.

Microsoft apparently has this Intune issue on their radar, but it doesn't feel like it's getting a lot of attention.
CISO in IT Services, 9 days ago
The easiest solution is to provide them with a managed device that you are able to ensure meets your compliance requirements. At the end of the day a handset that's not a flagship model and 2 or 3 years old will do the job perfectly well and meet most standard corporate requirements.

I've also been in the position where this impacted a large group of contractors (40+ from a single company). I had some discussions with their IT Security team and the contract people. Firstly, the contractors' controls were actually stricter than ours were, and we included in the contract with them that they must meet or exceed our security requirements and provide a monthly report on DLP, file access and abnormal user behaviors (i.e. trying to copy and paste our data into another mailbox, folder, etc.).

Otherwise, it's pretty hard and fast: if you don't comply with the security controls and policies then you can't access the data.
CISO in IT Services, 8 days ago
As it turns out, the solution here is a second phone/device you control. Nothing fancy in terms of device specs, and the conflict on the BYOD is removed. It's not ideal, meaning the end user has two devices, but it may actually improve business security. Good luck!
