Forum Discussion
Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern
I also have a client where I enabled Microsoft MFA. In reading through this thread and several others, Apple's included, I have found that the easiest fix was to allow Exchange ActiveSync clients in the Client apps section within the Conditional Access policy. Once I enabled Exchange ActiveSync clients, my users that used the default Apple Mail app were once again able to access their email.
Hopefully, this will work for others and save them a little bit of time.
- Daniel Carp (Brass Contributor), Oct 07, 2020
JQ_IT_Admin Please somebody correct me if I'm wrong, but wouldn't allowing ActiveSync open up a security hole (since it's a basic authentication method)?
I have a couple of iOS users who are having the same issue since enabling MFA and disabling basic authentication methods. Some but not all. I have also been recommending the Outlook app & appreciate vortiz posting the link about syncing contacts through the app.
I may take this up with MS support to see if I can get any further. Will update the thread if I do!
- Thijs Lecomte (Bronze Contributor), Oct 07, 2020
The Apple Mail app supports Modern Auth since iOS 11. But when configuring the account, be sure to use 'Sign-in' and not 'setup manually'. Setup manually will cause basic auth.
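To see which accounts are still set up the basic-auth way discussed in this thread, an exported sign-in log can be grouped by client app. The following is an added example, not part of any post in the thread; the field names follow the Microsoft Graph sign-in record (`userPrincipalName`, `clientAppUsed`, `createdDateTime`, `status.errorCode`), while the sample records, users and function names are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Subset of clientAppUsed values that sign-in logs class as legacy (basic) authentication.
LEGACY_CLIENT_APPS = {"Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP", "Other clients"}

# Constructed sample export (not real data); one JSON record per line.
SAMPLE_SIGNINS = """\
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync", "createdDateTime": "2021-09-01T08:15:00Z", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "createdDateTime": "2021-09-01T09:00:00Z", "status": {"errorCode": 0}}
{"userPrincipalName": "Bob@Example.com", "clientAppUsed": "Exchange ActiveSync", "createdDateTime": "2021-09-01T08:20:00Z", "status": {"errorCode": 53003}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync", "createdDateTime": "2021-09-01T08:50:00Z", "status": {"errorCode": 53003}}
{"userPrincipalName": "carol@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "createdDateTime": "2021-09-01T08:30:00Z", "status": {"errorCode": 0}}
"""

def parse_ts(value):
    # Python before 3.11 does not accept a trailing "Z" in fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def summarize_legacy(export_text):
    """Group legacy-protocol sign-ins per user, split into allowed and blocked attempts."""
    summary = defaultdict(lambda: {"allowed": 0, "blocked": 0, "protocols": set(), "last_seen": None})
    for line in export_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        app = record.get("clientAppUsed", "")
        if app not in LEGACY_CLIENT_APPS:
            continue  # modern-auth sign-ins are not of interest here
        entry = summary[record["userPrincipalName"].lower()]
        # errorCode 0 means the sign-in succeeded, so basic auth is still being accepted.
        succeeded = record.get("status", {}).get("errorCode") == 0
        entry["allowed" if succeeded else "blocked"] += 1
        entry["protocols"].add(app)
        ts = parse_ts(record["createdDateTime"])
        if entry["last_seen"] is None or ts > entry["last_seen"]:
            entry["last_seen"] = ts
    return dict(summary)

if __name__ == "__main__":
    for user, info in sorted(summarize_legacy(SAMPLE_SIGNINS).items()):
        print(user, sorted(info["protocols"]), "allowed:", info["allowed"],
              "blocked:", info["blocked"], "last:", info["last_seen"].isoformat())
```

Users with only blocked attempts are the ones whose device account needs to be re-added; any allowed count above zero means a policy is still accepting basic authentication.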
- DarthMS (Copper Contributor), Sep 02, 2021
I can confirm what Thijs Lecomte said. We enabled MFA across the company on 9/1/2021. Many but not all iPhone users had this problem where the built-in mail app kept asking for the password. We found the solution was this:
1. Delete the Exchange account from mail settings.
2. Add the mail account back again.
3. Choose "Microsoft Exchange" NOT Outlook.com (Important)
4. Enter email address. The default description of "Exchange" is fine.
5. When prompted for "Configure Manually" or "Sign In" choose "Sign In". This is the critical thing. The “Sign In” option supports MFA authentication, “Configure Manually” does not.
6. Enter your password and do the MFA approval.
7. After verification, you’re good to go.
Our conditional access policy still has this: