One Microsoft Endpoint Manager (MEM) account and 2 Azure Accounts

jreece22 0 Reputation points

Let me lay it out here:

We have two Azure Tenants. One of which is tied to an Office365 account and the other is just a standalone tenant. We'll call one AAD/O365 and the other just AAD. The two tenants have a trust between them.

We also have 1 Microsoft Endpoint Manager tied to the AAD/O365 account. This is where all of our MDM lives with Conditional Access policies as well.

We would like to be able to apply those Conditional Access that live in the AAD/O365 tenant to the AAD tenant. Is this possible?

The reason is because we do not want users to be able to login to their accounts on personal devices. We have this restricted in the AAD/O365 tenant, but the AAD because we have no MDM with that tenant.

I've tried to set exclusions for Device IDs from the devices enrolled in MEM, but it doesn't work and I believe it doesn't work because the DeviceID isn't associated with the AAD tenant.

Is there a way to import all the enrolled devices in our MEM into our AAD tenant so that those device ID then have something tied to it in that tenant?

Please advise.


Joe Reece

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,307 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,395 questions
{count} votes