Trusting Device Compliance Across B2B Tenants in Intune

Question

Trusting Device Compliance Across B2B Tenants in Intune

ASHWORTH Mark 20

Tenant A and Tenant B are B2B connected with device trust enabled, and there are devices registered in Intune for both tenants. The primary login on the devices is from their respective tenants, but users have accounts in both.

Currently, when trying to add their secondary account to Teams and Outlook, the users are blocked due to conditional access policies that do not trust devices from the other tenant.

Is there a way to enable Tenant A to trust devices managed by Tenant B's Intune to allow users from Tenant A to sign into the desktop apps on Tenant B device?

ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff

2024-11-22T08:21:47.88+00:00

@ASHWORTH Mark, since your issue is related to Microsoft Entra External ID and there is someone who familiar with it sharing the information you can refer to. Hope it will help.

Accepted answer

0 additional answers

Your answer

ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff

2024-11-22T08:21:47.88+00:00

@ASHWORTH Mark, since your issue is related to Microsoft Entra External ID and there is someone who familiar with it sharing the information you can refer to. Hope it will help.

Answer 1

Bandela Siri Chandana 3,055 Microsoft External Staff Moderator

Hi @ASHWORTH Mark

Thank you for posting your query on Microsoft Q&A.

I realize that users are denied access owing to conditional access controls that do not trust devices from the other tenant.

So, you're attempting to trust devices maintained by Tenant B and allow Tenant A users to sign into desktop apps on Tenant B devices.

If you have already enabled cross-tenant settings, make sure to enable the "Trust compliant devices" option in the trust settings. It enables your Conditional Access policies to accept compliant device claims from an external organization when their users use your services. This option needs to be enabled in Tenant A.

trust devices Also, if you want to access desktop applications make sure you allow desktop applications in your conditional access policy.

To access external applications, you must first approve access and enable them.

device For further reference: https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims

Hope this helps. Do let us know if you have any further queries.

------------

If this answers your query, do click Accept Answer and Yes.

Thanks,

B. Siri Chandana.

Bandela Siri Chandana 3,055 Reputation points Microsoft External Staff Moderator

2024-11-25T11:13:05.6566667+00:00

Hi @ASHWORTH Mark
Just checking in to see if above answer was helpful. If you have any further updates on this issue, please feel free to post back.
Bandela Siri Chandana 3,055 Reputation points Microsoft External Staff Moderator

2024-11-26T13:20:00.4033333+00:00

Hi @ASHWORTH Mark
Just checking in to see if above answer was helpful. If you have any further updates on this issue, please feel free to post back.
Damon Fischer 0 Reputation points

2025-03-04T02:30:41.9533333+00:00

Has anyone been able to get this to work? I have our cross tenant access setup as instructed but the compliant device claim is not coming over.

Share via

Trusting Device Compliance Across B2B Tenants in Intune

0 additional answers

Your answer