I often get this question from customers and colleagues : What is MDM authority

MDM authority is set when setting op the Intune subscription. This can be change after worth but requires a Microsoft Support Case. See later in this blog post.

In the Intune console you can see what MDM authority your tenant is set to.

Go into http://manage.microsoft.com

Admin -> Mobile Device Management



There is 3 different MDM authority state.

Mobile Device Management Authority – Set to Microsoft Intune – also known as Intune stand Alone

This covers:

Intune at its core is a cloud service. There are Intune datacenters hosted in North America, Europe and Asia providing mobile devices with security policies, email and Wi-Fi profiles, applications, inventory, and more.
An Intune standalone implementation does not require any on-premises infrastructure. All configuration, management, deployment and reporting are performed via a web-based console, which is accessible from anywhere in the world.
For working with on-premises applications, such as Microsoft Exchange and Network Device Enrollment Service (NDES), on-premises connectors are available to provide connectivity into the Intune service.
Being a cloud service, Intune can be built and deployed in a short timeframe.


Mobile Device Management Authority – Set to Configuration manager – also known as Intune hybrid

This covers:

For organizations who want to maximize their Configuration Manager investment, customers who need fine-grained control, or customers who exceed scale limitations of Intune, a hybrid implementation that uses Intune to manage mobile devices is available.
Hybrid deployments require Microsoft System Center 2012 Configuration Manager SP1 or above.
The Intune service is connected to Configuration Manager with the Service Connection Point site system role (formally known as the Microsoft Intune Connector), which installed at either central administration or primary site of a Configuration Manager hierarchy. An Intune tenant can only be connected to one Configuration Manager hierarchy, and a Configuration Manager hierarchy can only be connected to one Intune tenant.
In a hybrid MDM configuration, some of the processing and storage overhead is performed by Configuration Manager infrastructure on-premises. This efficiency gain allows hybrid MDM to scale further than Intune standalone.
A hybrid deployment allows the use of tools that are familiar to Configuration Manager admins. Advanced functionality such as Role Based Administration Control (RBAC), SQL Server Reporting Services (SSRS), and complex device and user grouping using Collection Membership Queries become available for mobile devices when hybrid MDM is implemented.


Mobile Device Management Authority – Set to Microsoft Intune and Office 365- also known as Intune hybrid

This is relative new – beginning at the end of 2015 as preview

  • A user who has been assigned an Intune license, either through IAP (Intune Account Portal) or the EMS (Enterprise Mobility Suite) Portal, is managed by Intune.
  • A user who does NOT have an Intune license, but DOES have an Office 365 license assigned (through the Office 365 Portal), is managed by O365MDM.
  • A user who has been assigned both, an Office 365 license and a Microsoft Intune license, is managed by Intune.


It is possible to get the MDM Authority changed by creating a service request.

Go into http://portal.office.com – start the Admin Center

Click on the Support logo


Select Support


In the Create a service request

Select Mobile Device Management


In the New service request form

Select  Feature: Intune: Service Administration

Symptom: Reset mobile device authority

Issue summary : Reset mobile device authority

Issue details: Please Reset mobile device authority. It is because ….



Then follow the instructions from Microsoft support.

Beware that the Microsoft Support will ask you to clean up your tenant for devices. policy, etc.