Forum Discussion
Office 365 MFA Enabled Users and the Apple Mail app for iOS Concern
Well, now that I started this thread I get to add to it again. For a while there things were working and I have no explanation why. Maybe Microsoft updated something or Apple did, but it appears to be back with our customers using the native iOS Mail app. Now that Microsoft is updating O365 tenants with modern authentication, iOS users have started to lose access to their mailboxes and get a continuous prompt for the password with a very weird process. I thought I would retest and have run into the same thing users are reporting. When modern authentication is enabled through the O365 tenant, the user has to continuously sign in, and while trying to sign in the dang pop-up of edit settings keeps appearing, which confuses users, and they click edit again and it starts over; you just have to clear that message and finish entering the password. When MFA is enabled in addition to MA, it's the same continuous process with the two-step added. It's pretty absurd. I am able to replicate this on a 7+ and an Xs Max, both with the latest iOS (12.4). I try to get them to switch to the MS Outlook app, but some are just sticklers...
I also noticed that if you enable a Conditional Access policy that blocks Exchange ActiveSync, it will also stop the native Mail app from working.
Microsoft feel free to chime in here and tell us what the heck is going on!
Alex Melching I opened a support case with Office 365, and their eventual response on 6/12/19 was:
"After working on the issue and doing more research just came up with, this is a normal behavior. After cooperation between our engineers and Apple engineers the provided option (OAuth) was only for Intune enrolled devices and is not available for MDM enrolled devices yet."
They also pointed me to the UserVoice at https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/31740142-modern-authentication-for-native-mail#{toggle_previous_statuses}, but that was already in "Completed" status at that point (referring to Intune only and not Office 365 MDM) and no one is looking at it anymore.
I also tried submitting a request on the GitHub for Exchange Online Documentation (which I got pointed to by some document or another), but the moderators there only suggested opening a ticket with Office 365 support, which as I mentioned previously did not go anywhere.
It seems like everyone wants to just point a finger at someone else, and no one wants to take responsibility for fixing this major oversight. It is currently impossible to use Office 365 MDM for MFA users, and MFA support is absolutely a requirement for a working product in 2019.