Trusting Device Compliance Across B2B Tenants in Intune

ASHWORTH Mark 0 Reputation points
2024-11-21T08:30:20.2366667+00:00

Tenant A and Tenant B are B2B connected with device trust enabled, and there are devices registered in Intune for both tenants. The primary login on the devices is from their respective tenants, but users have accounts in both.

Currently, when trying to add their secondary account to Teams and Outlook, the users are blocked due to conditional access policies that do not trust devices from the other tenant.

Is there a way to enable Tenant A to trust devices managed by Tenant B's Intune to allow users from Tenant A to sign into the desktop apps on Tenant B device?

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,251 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,937 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,289 questions
{count} votes

1 answer

Sort by: Most helpful
  1. BANDELA Siri Chandana 325 Reputation points Microsoft Vendor
    2024-11-21T14:25:28.1766667+00:00

    Hi @ASHWORTH Mark

    Thank you for posting your query on Microsoft Q&A.

    I realize that users are denied access owing to conditional access controls that do not trust devices from the other tenant.

    So, you're attempting to trust devices maintained by Tenant B and allow Tenant A users to sign into desktop apps on Tenant B devices.

    If you have already enabled cross-tenant settings, make sure to enable the "Trust compliant devices" option in the trust settings. It enables your Conditional Access policies to accept compliant device claims from an external organization when their users use your services. This option needs to be enabled in Tenant A.

    trust devices Also, if you want to access desktop applications make sure you allow desktop applications in your conditional access policy.

    To access external applications, you must first approve access and enable them.

    device For further reference: https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims

    Hope this helps. Do let us know if you have any further queries. 

    ------------  

    If this answers your query, do click Accept Answer and Yes.

    Thanks,

    B. Siri Chandana.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.