Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)
SOLVED

[iOS&Android] Two app protection policies for the same account in two tenants

%3CLINGO-SUB%20id%3D%22lingo-sub-3183206%22%20slang%3D%22en-US%22%3E%5BiOS%26amp%3BAndroid%5D%20Two%20app%20protection%20policies%20for%20the%20same%20account%20in%20two%20tenants%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3183206%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20issue%20with%20the%20following%20setup%3A%3C%2FP%3E%3CUL%3E%3CLI%3EWe%20have%20two%20tenants%20(A%20and%20B)%3C%2FLI%3E%3CLI%3EFor%20both%20tenants%20we%20use%20App%20Protection%20Policies%20for%20iOS%20and%20Android%20and%20we%20force%20them%20with%20conditional%20access%20for%20the%20Microsoft%20365%20Apps%20like%20Teams%2C%20SharePoint%20etc.%3C%2FLI%3E%3CLI%3ETenant%20A%20invites%20the%20Tenant%20B%20User%20as%20guests%20accounts%20to%20collaborate%20with%20MS%20Teams%3C%2FLI%3E%3CLI%3EIf%20a%20user%20from%20the%20Tenant%20B%20tries%20to%20switch%20tenant%20in%20the%20Microsoft%20Teams%20app%20on%20iOS%20to%20the%20tenant%20A%20with%20the%20same%20identity%2C%20it%20forces%20the%20user%20to%20log%20in%20to%20the%20tenant%20A%20(what%20is%20correct)%20but%20after%20the%20app%20tries%20to%20register%20the%20phone%20on%20the%20Tenant%20B%20(where%20the%20user%20comes%20from).%20This%20takes%20the%20user%20in%20a%20never%20ending%20loop%20(login%2C%20register%20and%20again)%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThe%20question%20is%3A%20is%20it%20possible%20to%20use%20two%20tenants%20with%20the%20same%20identity%20but%20different%20app%20protection%20policies%20in%20Microsoft%20Teams%20on%20iOS%2FAndroid%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3183206%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3183280%22%20slang%3D%22en-US%22%3ERe%3A%20%5BiOS%26amp%3BAndroid%5D%20Two%20app%20protection%20policies%20for%20the%20same%20account%20in%20two%20tenants%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3183280%22%20slang%3D%22en-US%22%3ESomething%20like%20described%20here%20%3F%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-intune%2Fapp-protection-policies-not-support-multiple-accounts-profiles%2Fm-p%2F2705732%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-intune%2Fapp-protection-policies-not-support-multiple-accounts-profiles%2Fm-p%2F2705732%3C%2FA%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi there!

 

We have a issue with the following setup:

  • We have two tenants (A and B)
  • For both tenants we use App Protection Policies for iOS and Android and we force them with conditional access for the Microsoft 365 Apps like Teams, SharePoint etc.
  • Tenant A invites the Tenant B User as guests accounts to collaborate with MS Teams
  • If a user from the Tenant B tries to switch tenant in the Microsoft Teams app on iOS to the tenant A with the same identity, it forces the user to log in to the tenant A (what is correct) but after the app tries to register the phone on the Tenant B (where the user comes from). This takes the user in a never ending loop (login, register and again)

The question is: is it possible to use two tenants with the same identity but different app protection policies in Microsoft Teams on iOS/Android?

2 Replies
best response confirmed by DrBojlerGyula (Occasional Contributor)
Hi again Rudy! I hope you are doing fine. :)

Exactly. Basically we want to enroll the device in two tenants.

As I read it is not possible: Intune app protection policies limit users to one managed work or school account per app.