We are considering rolling out some kind of MDM solution such as Good or AirWatch or Mobile Iron etc..

The main reason is to prevent EAS policy bypass by users who root or jailbreak or just install alternative mail apps on their phones that can access EAS accounts without following activesync policies (new Microsoft Outlook App, Touchdown app etc or any other similar app.)

Many of our EAS users are business partners that already have an MDM solution for their company email. 

I have read that you cannot have multiple MDM solutions on a single device.  However, if we use the same MDM solution, is it possible to make this work?  For instance, if they already have AirWatch, can we also get AirWatch and coordinate the policies for our domain accounts?

What about some way of recognizing that a device already has an acceptable MDM solution provided by the business partner and allowing access EAS to those, but require our MDM solution to be installed on systems that have nothing.

• Edited by MyGposts Saturday, February 21, 2015 12:50 AM

it is confusing. If you plan to use the MDM then MDM policies can be enforced to the mobile devices.

usually url take care with the help autodiscover but you can give them a manual url and that can re-direct them to a different server or MDM. I have not done but this is how it can work but this case those user's will need to configure it manually or in other words my theory says you can have multiple MDM solutions.

and the example is any existing MDM and BB Fusion.

Hope that helps

I have read elsewhere that an Exchange Activesync device such as an iPhone can only be managed by a single MDM provider/profile and this is a major issue for people who access email from multiple organizations that use MDM.

So, it would seem that we would either have to somehow work with the same provider or else have a way to recognize if the device already has the other MDM enabled and allow access and only apply our MDM profile to devices that don't already have the other MDM profile.  

It would also need to recognize if they later removed the other MDM profile and then block access to our EAS until they either install our profile or reinstall the business partner's profile.

Is there a way to make this work?

If iOS and Android devices can work with multiple MDM solutions on the same device, we would probably just go with Intune's MDM instead since we are rolling out SCCM anyway.

• Edited by MyGposts Sunday, February 22, 2015 1:25 AM

on a device - I'm not sure - it may be a limitation. I will also check with other MDM provider and if it not possible then it is a technology limitation.