Intune for BYOD mobile and Cross tenant compliance

Hi, currently, to make conditional access with "trust compliant devices" work across tenants on ios/android, you need full mdm enrollment (intune device compliance). Cross-tenant intune mam support is expected later this year for ios, but it’s not available yet; web-based/jit access for byod with cross-tenant access might work if the device is registered as compliant in the primary tenant and the secondary tenants recognize it via entra id cross-tenant trust. However, for a more reliable and secure setup, full mdm enrollment is currently the best option.

If you want to avoid full mdm enrollment, an alternative is to use app protection policies (mam) separately in each tenant, but since cross-tenant mam is not yet supported, users will still need to authenticate separately for each tenant.