I have a question about the Intune MDM Authority for 'Mobile Device Management for Office 365', which is currently disabled - hence the reason I am asking this question. I have been in the process of getting to know Intune better inside and out, but this is one pain point I can't figure out. We use MobileIron as our MDM solution for hundreds of devices today. Does anybody know whether my enabling the Intune MDM Authority switch in the Intune portal would have any effect on, or cause any disruption with, MobileIron, so I can move devices off it slowly over to Intune? My long-term goal is to move away from MobileIron and use Intune as our MDM. Thanks
Hi @Marc Rodieck, the act itself of setting your MDM authority to Intune will have no direct impact on MobileIron. However, to your point, having multiple sources of MDM policy applied to the same device can have a less than desirable outcome.
With a few exceptions, Intune is all about AAD Group membership & targeting, so if the users who currently have MobileIron enrolled devices are not members of the groups targeted by your Intune policies, they should not experience any impact.
However, the main sources of potential impact would be:
1. Azure Conditional Access
2. Compliance Policy Settings under Intune > Device Compliance > Setup - Compliance Policy Settings in the Intune on Azure portal. The settings for Secure By Default, Enhanced Jailbreak, and Compliance Validity Period are applied to everyone via the "Built-in Compliance Policy" and cannot be scoped down.
3. Policies assigned to "All Users" or "All Devices" rather than a specific AAD group.
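Added example, not part of the thread above: one way to check item 3 before the switch is to review policy assignments exported from Microsoft Graph with assignments expanded. The `audit` helper, the sample policies and the group IDs are constructed for illustration; it does not cover Conditional Access or the built-in compliance settings.

```python
import json

# Graph target types behind the portal's "All Users" / "All Devices" choices.
BROAD = {
    "#microsoft.graph.allLicensedUsersAssignmentTarget": "All Users",
    "#microsoft.graph.allDevicesAssignmentTarget": "All Devices",
}
GROUP = "#microsoft.graph.groupAssignmentTarget"
EXCLUDE = "#microsoft.graph.exclusionGroupAssignmentTarget"

# Constructed sample shaped like the "value" array of a Graph policy listing
# fetched with $expand=assignments. Names and group IDs are made up.
SAMPLE = json.loads("""[
 {"displayName": "iOS baseline compliance", "assignments": [
   {"target": {"@odata.type": "#microsoft.graph.allLicensedUsersAssignmentTarget"}},
   {"target": {"@odata.type": "#microsoft.graph.exclusionGroupAssignmentTarget",
               "groupId": "grp-contractors"}}]},
 {"displayName": "Intune pilot Wi-Fi", "assignments": [
   {"target": {"@odata.type": "#microsoft.graph.groupAssignmentTarget",
               "groupId": "grp-intune-pilot"}}]},
 {"displayName": "Android passcode", "assignments": [
   {"target": {"@odata.type": "#microsoft.graph.groupAssignmentTarget",
               "groupId": "grp-sales"}}]},
 {"displayName": "Draft policy", "assignments": []}
]""")

def audit(policies, other_mdm_groups):
    """List (policy, scope, excluded groups) for each assignment that can
    reach users whose devices are still enrolled in the other MDM."""
    findings = []
    for policy in policies:
        targets = [a.get("target", {}) for a in policy.get("assignments", [])]
        excluded = sorted(t["groupId"] for t in targets
                          if t.get("@odata.type") == EXCLUDE)
        for t in targets:
            kind = t.get("@odata.type")
            if kind in BROAD:
                findings.append((policy["displayName"], BROAD[kind], excluded))
            elif kind == GROUP and t.get("groupId") in other_mdm_groups:
                findings.append((policy["displayName"], t["groupId"], excluded))
    return findings

if __name__ == "__main__":
    # "grp-sales" stands in for a group whose users are still on MobileIron.
    for name, scope, excluded in audit(SAMPLE, {"grp-sales"}):
        print(f"{name}: assigned to {scope}; exclusions: {excluded or 'none'}")
```

Exclusion groups are reported next to each finding rather than used to suppress it, so a reviewer can decide whether they actually cover the MobileIron users.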
Hi @Matthew Butcher, thank you so much for responding to my ask. This is exactly what I was looking for, as duplicating this effort in a test lab is challenging sometimes when the resources are not there.