Forum Discussion
Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern
I suggest testing iOS 12 (beta 6 is out now). I presume Apple has done more engineering on MFA (OAuth), plus OAuth can now be configured via an MDM profile in iOS 12 (for those who need to manage and mass-deploy Exchange/ActiveSync settings to hundreds - or thousands - of iOS devices). Currently Mail.app's OAuth/MFA settings must be configured manually in iOS 11.
iOS 12 will likely be released in September 2018.
"MFA (OAuth), plus OAuth can now be configured via a MDM profile in iOS 12"
How?
We've got O365 MFA working fine. We are turning on basic MDM for a group of users.
Problem is that the ActiveSync account created by the policy on iOS devices requires an app password for the native mail app.
- snorma01, May 09, 2019, Copper Contributor
Jason Simotas I believe I am having exactly the same problem. It sounds like full Intune administrators can enable OAuth in their profile, but I can't find a way to do this with Office 365 MDM. Have you found any way to deploy a mail profile using Office 365 MDM that works with MFA/Modern Auth?
- vortiz, Jun 03, 2019, Copper Contributor
snorma01 I have run into this issue as well. Most all iPhone users have the MFA loop and I cannot seem to figure out how to stop it. Because some users refuse to use the Outlook app.
- snorma01, Jun 03, 2019, Copper Contributor
vortiz Yes my only current workaround for MFA users is to have them use the Outlook app. But I also have my users register their devices using Office 365 MDM (Intune Company Portal app). This automatically adds the account to the default iOS mail app, but it doesn't work for MFA users because it is not configured with OAuth/modern authentication, and this causes all kinds of problems for the users. I believe the full version of Intune MDM has an option to enable OAuth now, but it hasn't been addressed in Office 365 MDM for whatever reason. If this could be fixed it would be easy for users to set up their email in the default mail app when they register their devices. With MFA being recommended for all users these days, it's ridiculous that Office 365 MDM doesn't support it!