Forum Discussion

Alex Melching's avatar
Alex Melching
Iron Contributor
Aug 02, 2018

Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern

Office 365 MFA and the Apple Mail app for iOS concern? We ourselves and several customers using Office 365 have noticed a recent issue with the Apple Mail app for iOS when Office 365 MFA is enabled. ...
Authentication
office 365
Dan Stranathan's avatar
Dan Stranathan
Copper Contributor
Aug 10, 2018

I suggest testing iOS 12 (beta 6 is out now). I presume Apple has done more engineering on MFA (OAuth), plus OAuth can now be configured via a MDM profile in iOS 12 (for those who need to manage and mass-deploy Exchange/ActiveSync settings to hundreds - or thousands - of iOS devices). Currently Mail.app's OAuth/MFA settings must be configured manually in iOS 11.

 

iOS 12 will likely be released in September 2018.

Jason Simotas's avatar
Jason Simotas
Copper Contributor
Oct 30, 2018

" MFA (OAuth), plus OAuth can now be configured via a MDM profile in iOS 12 "

 How?

 

We've got O365 MFA working fine. We are turning on basic MDM for a group of users.

Problem is that the activesync account created by the policy on iOS devices requires an App password for the native mail app.

  • snorma01's avatar
    snorma01
    Copper Contributor
    May 09, 2019

    Jason Simotas I believe I am having exactly the same problem. It sounds like full Intune administrators can enable OAuth in their profile, but I can't find a way to do this with Office 365 MDM. Have you found any way to deploy a mail profile using Office 365 MDM that works with MFA/Modern Auth?

    • vortiz's avatar
      vortiz
      Copper Contributor
      Jun 03, 2019

      snorma01 I have run into this issue as well. Most all iPhone users have the MFA loop and i cannot seem to figure out hot to stop it. Because some users refuse to use the Outlook app 

      • snorma01's avatar
        snorma01
        Copper Contributor
        Jun 03, 2019

        vortiz Yes my only current workaround for MFA users is to have them use the Outlook app. But I also have my users register their devices using Office 365 MDM (Intune Company Portal app). This automatically adds the account to the default iOS mail app, but it doesn't work for MFA users because it is not configured with OAuth/modern authentication, and this causes all kinds of problems for the users. I believe the full version of Intune MDM has an option to enable OAuth now, but it hasn't been addressed in Office 365 MDM for whatever reason. If this could be fixed it would be easy for users to set up their email in the default mail app when they register their devices. With MFA being recommended for all users these days, it's ridiculous that Office 365 MDM doesn't support it!

Resources