Forum Discussion
luvsql
Dec 08, 2020 · Steel Contributor
MFA is being discontinued?
We are new to AD Azure. We currently have local AD server just for an ERP system that syncs to AD Azure. All accounts are maintained in AD Azure. We have already enforced MFA for 100 employees usi...
meggerz
Feb 04, 2021 · Copper Contributor
I'm sure there is a solution. Calendar and contact syncing to your native apps can be heavily controlled by your MDM, so that could be interfering.
If you do not use an MDM, I would suggest enabling and enforcing MFA for an account. Blow away all of your active sync profiles (Outlook contacts, calendar - these are all 3 separate entities by the sounds of it), and then reconfigure your profile with Modern authentication. You should be able to sync your calendar and contacts through to the native apps - there is an option in the Outlook profile that you need to enable for it.
That being said, I am using Intune and Android Enterprise with the corporate owned devices and work profiles (COPE) on our Samsung devices. We are seeing a lot of weird behaviour/bugs with the native calendar and contacts being used when the mail profile is configured through Outlook, including things like the options to sync the calendar not being there if we set up the Outlook profile the first time we launch the app. If we open the app, close it, and then open it again and set up the Outlook profile, the contacts and calendars sync properly. Don't forget to look to ensure that sync calendar and sync contacts are options within the profile, as they aren't on by default. Again, a lot of these bugs are likely due to the MDM, not Outlook itself. We're still trying to sort it out ourselves.
I still stress that conditional access is also really important to look into, if your license allows.
luvsql
Feb 04, 2021 · Steel Contributor
meggerz We do use MFA and enforce it on all accounts hence why I was concerned it was being "discontinued." What was happening is when you add the Outlook app then remove the ActiveSync account, all contacts get lost because they are either just on the phone and not syncing or other issues.
We do not use any MDM solution because even Microsoft's Intune and BlackBerry will NOT allow us to unlock any Android phones or change their PINs/Google accounts, so even though all are corporately owned devices, we have zero control over that unless we do full wipes and make them work-only phones (which we will NOT do). We are not a government, and having to have fully controlled devices just to use these features is absurd.
So basically an employee quits and we have to pay Google $85 to unlock their Google account. Ridiculous.