Home

Intune MDM Authority Inquiry

%3CLINGO-SUB%20id%3D%22lingo-sub-579532%22%20slang%3D%22en-US%22%3EIntune%20MDM%20Authority%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-579532%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20question%20around%20the%20Intune%20MDM%20Authority%20for%20'Mobile%20Device%20Management%20for%20Office%20365'%20which%20is%20currently%20disabled%20-%20hence%20the%20reason%20I%20am%20asking%20this%20question.%20I%20have%20been%20in%20the%20process%20of%20getting%20to%20know%20Intune%20better%20inside%20and%20out%2C%20but%20this%20is%20one%20pain%20point%20I%20can't%20figure%20out.%20We%20use%20MobileIron%20as%20our%20MDM%20solution%20for%20hundreds%20of%20devices%20today.%20Does%20anybody%20know%20by%20me%20enabling%20the%20Intune%20MDM%20Authority%20switch%20in%20the%20Intune%20portal%20have%20any%20affect%20or%20disruption%20with%20MobileIron%20so%20I%20can%20move%20devices%20off%20it%20slowly%20over%20to%20Intune%3F%20My%20long%20term%20goal%20is%20to%20move%20away%20from%20MobileIron%20and%20use%20Intune%20as%20our%20MDM.%20Thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-579532%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-708482%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20MDM%20Authority%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-708482%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F173825%22%20target%3D%22_blank%22%3E%40Marc%20Rodieck%3C%2FA%3E%2C%20the%20act%20itself%20of%20setting%20your%20MDM%20authority%20to%20Intune%20will%20have%20no%20direct%20impact%20to%20MobileIron.%20However%20to%20your%20point%2C%20having%20multiple%20sources%20of%20MDM%20policy%20to%20the%20same%20device%20can%20have%20a%20less%20than%20desirable%20outcome.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20a%20few%20exceptions%2C%20Intune%20is%20all%20about%20AAD%20Group%20membership%20%26amp%3B%20targeting%2C%20so%20if%20the%20users%20who%20currently%20have%20MobileIron%20enrolled%20devices%20are%20not%20members%20of%20the%20targeted%20groups%20by%20your%20Intune%20policies%2C%20they%20should%20not%20experience%20any%20impact.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20the%20main%20sources%20of%20potential%20impact%20would%20be%3A%3C%2FP%3E%0A%3CP%3E1.%20Azure%20Conditional%20Access%3C%2FP%3E%0A%3CP%3E2.%20Compliance%20Policy%20Settings%20under%20Intune%20%26gt%3B%20Device%20Compliance%20%26gt%3B%20Setup%20-%20Compliance%20Policy%20Settings%20in%20the%20Intune%20on%20Azure%20portal.%20The%20settings%20for%20Secure%20By%20Default%2C%20Enhanced%20Jailbreak%2C%20and%20Compliance%20Validity%20Period%20are%20applied%20to%20everyone%20via%20the%20%22Built-in%20Compliance%20Policy%22%20and%20cannot%20be%20scoped%20down.%3C%2FP%3E%0A%3CP%3E3.%20Policies%20assigned%20to%20%22All%20Users%22%20or%20%22All%20Devices%22%20rather%20than%20a%20specific%20AAD%20group.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20a%20migration%20guide%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fmigration-guide%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fmigration-guide%3C%2FA%3E%20which%20is%20a%20great%20resource%20for%20anyone%20looking%20to%20switch%20to%20Intune%20from%20another%20MDM%20provider.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20hope%20this%20helps!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-717186%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20MDM%20Authority%20Inquiry%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-717186%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F177630%22%20target%3D%22_blank%22%3E%40Matthew%20Butcher%3C%2FA%3E%26nbsp%3BThank%20you%20so%20much%20for%20responding%20to%20my%20ask.%20This%20is%20exactly%20what%20I%20was%20looking%20for%20as%20duplicating%20this%20effort%20in%20a%20test%20lab%20is%20challenging%20sometimes%20when%20the%20resources%20are%20not%20there.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20a%20good%20day!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Marc Rodieck
Occasional Contributor

I have a question around the Intune MDM Authority for 'Mobile Device Management for Office 365' which is currently disabled - hence the reason I am asking this question. I have been in the process of getting to know Intune better inside and out, but this is one pain point I can't figure out. We use MobileIron as our MDM solution for hundreds of devices today. Does anybody know by me enabling the Intune MDM Authority switch in the Intune portal have any affect or disruption with MobileIron so I can move devices off it slowly over to Intune? My long term goal is to move away from MobileIron and use Intune as our MDM. Thanks

2 Replies

Hi @Marc Rodieck, the act itself of setting your MDM authority to Intune will have no direct impact to MobileIron. However to your point, having multiple sources of MDM policy to the same device can have a less than desirable outcome.

 

With a few exceptions, Intune is all about AAD Group membership & targeting, so if the users who currently have MobileIron enrolled devices are not members of the targeted groups by your Intune policies, they should not experience any impact.

 

However, the main sources of potential impact would be:

1. Azure Conditional Access

2. Compliance Policy Settings under Intune > Device Compliance > Setup - Compliance Policy Settings in the Intune on Azure portal. The settings for Secure By Default, Enhanced Jailbreak, and Compliance Validity Period are applied to everyone via the "Built-in Compliance Policy" and cannot be scoped down.

3. Policies assigned to "All Users" or "All Devices" rather than a specific AAD group.

 

We have a migration guide here: https://docs.microsoft.com/en-us/intune/migration-guide which is a great resource for anyone looking to switch to Intune from another MDM provider.

 

I hope this helps!

Hi @Matthew Butcher Thank you so much for responding to my ask. This is exactly what I was looking for as duplicating this effort in a test lab is challenging sometimes when the resources are not there. 

 

Have a good day! 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies