Forum Discussion
Two factor authentication and Android mail client
I have put in a lot more testing into this and there is unfortunately no fix for Android devices using native email that are managed by a corporate MDM platform - Airwatch & InTune in my case.
As you say the APP Password does work but I am trying to avoid this as we don't want to manage them and they do not change without a manual process so not very secure.
The ideal is that MDM's can force OAuth requests to Android but this does not seem to be supported at the Android layer, Apple do have it though with iOS and it works.
The only other options I have worked out are -
1 - Register the device via active sync for email but it's not then managed
2 - Use the Outlook client for android - creates a massive change control issue as 99% use native email client.
Thanks for your reply though 😉
As a follow up, we ended up just recommending that people download and use the Outlook client application. The app password idea mystified users in our organization and was really hard for them to use. We pitched the idea as creating a seperate mail app segregating your work life (Outlook app) and your home life (Default mail app). We've had many people within the org thank us for this concept.
- I prefer to have all my calendars in one place, and I prefer the folder (sub folders) handling in the native Android mail client.
If I disable MFA and go back to the point we had no issues, what am I risking?KCox61 Greetings, I did not see a reply to your question so if I may. MFA will not effect the functionality if you get it working and it is usually a one time deal.
What is at risk, should someone gain access to your credentials, they will be able to use them on any device to access your emails and your Office account as a whole.
In todays world it is almost a necessary evil to use MFA.
That being said, I Apple and Android products I use and I prefer to use Outlook as there are no sync issue with my desktop calendars, contacts, etc..
Hope this is helpful
jp1960 Good Evening all, I want to thank you all as you have answered part of my question but I have a 2nd part that I have a bad feeling I am not going to get the answer I want to hear.
So I use verizon email for all my what I consider professional mail as I have been on FIOS for years. Not really trying to change that either. A few years back Verizon decided they did not want to handle their email anymore so they moved it over to AOL who they own. Wasn't thrilled about it but it wasn't a huge deal at the time. Past two days started seeing intermittent issues with my email. I use Outlook on my windows desktops thick Outlook client. Come to find out today that AOL is implementing mandatory OAuth2. While the Outlook solution for Android should work for my phone. Is there anyway to do MFA with a Windows Outlook thick client that would more less be an out of the box solution. I really don't want to use AOL's webmail. In my opinion anything AOL might as well be malware. I don't see a way to use the Outlook 2019 Desktop client with mandatory OAuth2.
