This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 90%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hello all,
I have two existing tenants:
Both tenants have their own AD, name, AD Connect, nothing is linked.
All our devices are registered in TenantA and managed for access our company data and such. Conditional Access is in place in this TenantA with MFA requirement and other stuffs.
I need to secure TenantB to require both MFA/Passwordless AND a compliant device (for example my TenantA laptop...)
I searched for the B2B Collaboration inbound Trusted device setting, but it seems limited to TenantA users themselves that are NOT allowed on TenantB (strictly no guest on TenantB) so this setting seem to have no effect on my conditional acces.
Is there a solution? Or should I start building VMs on my laptops to solve the issue?
A cloud-based identity and access management service for securing user authentication and resource access
Other Intune-related topics, including unsupported scenarios and platform-specific behaviors
Answer accepted by question author
There's no way to establish such trust without having the users represented in some form in both tenants. Using the recently released cross-tenant sync you can provision them either as Guests or Members, but a matching user account must exist before you can configure the Trust settings.
Thanks,
It was what I was expecting, but I was hoping for a different answer.